The Currency Exchange BTER announced that it lost 7,170 bitcoins or roughly $1.75 million at press time, in a hack on its cold wallet system.
In a statement posted on the their website BTER.COM, the company state that it had shut down its platform to prevent any other attack and the users withdrawals “will be arranged later”.
On Chinese social media platform Weibo, BTER claimed that it was working with law enforcement officials on the matter. It remains unclear exactly how the BTER cold wallet was compromised, it was used the same exploit when 1.65M$ in NXT funds, were stolen?. We will see in our future updates.
BTER says it is offering a 720 BTC bounty “for chasing it back”, although the company did not elaborate on the exact nature of the bounty.
So in that situation 24/7 Crypto News Team, decided to put their detective hat on, and start a research. Here is our findings :
The 7120 Bitcoins are distributed equally to 7 accounts, all of them were relayed in a Swiss Based IP “126.96.36.199” which is hosting a crypto related website, https://coingavel.com . The Bitcoin network used the same relay IP for all 7 transactions, when the funds were stolen out of BTER , we know that relay IP it’s not necessarily the source IP, but we will investigate further. If you can help us with this research you can use our Contact button. We think we’ve done our research pretty well, but will need Authorities support to trace all this back to the original hacker.
https://blockchain.info/address/1AFbZuU5PufViRhNCChw8br6beo6K78r2H https://blockchain.info/address/1KPNHv8mfMPNivHptAiwwytUVZmzovVF8f https://blockchain.info/address/1MgM7WMAVteJ3k4PqfyB9AKdaBnHvdxvdG https://blockchain.info/address/14kgEXiKWCN46BEHVNwYjyuohFN83Uc5Jt https://blockchain.info/address/1J4TJQKgh1phPMcsV8cbRkAhV2Q6V8wW25 https://blockchain.info/address/1Q2MxBc9Zbe6A35mTcD5jyU8PMr4K6oqGC https://blockchain.info/address/1Muse5NL7nDPPHVreF2Gkq5wv5XLbC2Qtz
[UPDATE 2-15-2015 – 9:55 PM +2 UTC]
We have a possible future aid in finding the real hacker! With help from Franko Collective people who started as well to research on this horrible situation of BTER we gathered some info about that relay IP from Switzerland. His name is Woźniak Sebastian . Why do we believe it’s a possible aid? Well, he seems to be a hacking & Bitcoin enthusiast having an article on Hacking9 & a profile on Bitcoin Foundation. He help’s the Bitcoin Network by having a node, If we can get to his node server we can lookup in logs and see were the transaction it’s gone and what possible IP we got, so it will remain a mystery till further information. Until we investigate more into this serious issue. We will keep you updated on our tracing to the guy who robbed BTER, again this is “Wozniak Sebastian” is just a link, a hint, somebody that could help us track the real hacker down by looking in his possible node logs.
[UPDATE 16-02-2015 – 9:50 AM +2 UTC]
We have been contacted by Wozniak Sebastian, he has no connection with the hacking and it’s a big supporter of the Bitcoin ecosystem by setting up a node. His node had been a relay to these transactions and he also stated that will help in this investigation as much as it is possible and stays in his power. We will come back with more information as soon as we get them.
For now we got e-mails from people who are willing to help and use software that could help us find the real IP of the attacker. The funds haven’t moved yet and they got a weird encrypted note on each transaction.
Sebastian Wozniak official statement:
Regarding the theft of the bitcoins I want to say that I’m deeply concerned about it. I’m also running an Bitcoin exchange Bitcurex.com where I’m an CEO, and I understand how this things can be anoying and damaging to bitcoin ecosystem. We will do anything to monitor any high volume of bitcoin transfer in our exchange to help catch the thief.
Bitcoin exchanges has become and easy target, running exchange is a hard work, and our main concerne is security of users funds.
Once again We hope that person behind it will be brought to justice and the stolen Bitcoins will be recovered as soon as possible.
[UPDATE 16-02-2015 – 1:45 PM +02:00 UTC]
We are sad to find out that the relay NODE “188.8.131.52″ didn’t had any monitoring service installed on it, that would have helped us to reach the real source of hack much more easier, this made us think that due to high hacks in Bitcoin ecosystem, we will need nodes that use monitoring services so in cases of theft’s like this one, we can easy pin down the hacker or at least his proxy and from there we can go further in finding him.
Meanwhile, some users seem to enjoy BTER losses and some are so desperate that are sending Bitcoin transactions to the hacker addresses with different notes. Here is the screenshot with the latest notes on the hacker addresses.
24/7 Crypto News will continue to research and watch the situation of BTER, keeping our readers updated to this situation as soon as we get new information.