Cybercriminals have stolen $1.3 million dollars’ worth of Bitcoin from inputs.io, a company that let users store the digital currency in online wallets, the site’s founder claimed in a message on the site on Friday that started with a frowning emoticon.
The founder, known only as TradeFortress, wrote that cybercriminals hacked into his site on two different occasions and stole 4,100 BTC, the equivalent of $1.3 million. If true, this would be one of the 15 biggest robberies in Bitcoin’s history, according to one list of Bitcoin heists (the biggest theft involved 263,024 BTC).
The hackers gained access to the site’s database by disguising their identities through a social engineering attack, TradeFortress told Wired.
TradeFortress explained in an announcement that the hackers broke into the site’s hosting account by compromising a series of email accounts. They were even able to bypass two-factor authentication, exploiting a flaw on the host server.
The hacks occurred on Oct. 23 and Oct. 26, but TradeFortress only began notifying the affected users this week. In a post in the BitcoinTalk forums, TradeFortress informed theft victims that refunds are on the way, but that the site doesn’t have enough funds “to pay everyone fully.”
Given the fact that Bitcoin are extremely hard to trace, chances are slim that the hackers will be caught. But some suspect the heist may have been contrived by TradeFortress to steal customers’ digital currency. But TradeFortress has denied these accusations in an interview with ABC Australia.
After the heist, TradeFortress said the site is effectively dead and issued a warning to Bitcoin owners who use online wallets instead of storing them locally on computers.