A British exchange with Ukrainian roots, BTC-Alpha, was subjected to a hacking attack. Passwords stored in encrypted form were compromised, but funds were not touched. This was stated the exchange’s CEO Vitaliy Bodnar.
According to him, the hackers found ‘some breach’ in the system and carried out a DDoS attack.
“User balances are fully secure; we did not lose a single cent, but the hashes of users’ passwords were compromised. For this reason, access to accounts is temporarily restricted,” Bodnar said.
He added that the hackers promised to leak the source code of the trading platform on GitHub.
The attack was, according to the exchange’s CEO, caused by information leakage. The BTC-Alpha security team is examining this version.
In a ForkLog comment, Vitaliy Bodnar clarified that the passwords were stolen in encrypted form, but the BTC-Alpha team nonetheless believes that all user passwords should be changed.
“We do not store passwords in plaintext; none of the team members knows a user’s password,” he added.
In the course of the investigation, the exchange team found that the attack detected on November 1 had been in preparation for a long time. On October 25, hackers had already compromised the computers of several BTC-Alpha employees.
“Employees were studied, their interests, connections, and level of access in the system. This was a symbiosis of attacks, ranging from phishing to backdoors and full control of hacked team members’ computers,” Bodnar said.
At the time of writing, BTC-Alpha was undergoing maintenance. The team promises to resume operations soon.
Earlier, in August, Bilaxy, Seychelles-based cryptocurrency exchange, reported a hot-wallets breach. The amount of the loss was not disclosed.
Read ForkLog’s bitcoin news on our Telegram — cryptocurrency news, prices and analysis.