An online wallet service for Bitcoin and other crypto-currencies CoinWallet was forced to shut down their operations by May 1, 2016, after an ugly data breach incident that transpired on April 6, 2016.
This is the Fourth Bitcoin platform in the past month to get knocked out by a cyber-attack in a row, and the fourth one to shut down operations. Last month, Bitcoin startup Coinkite Inc also announced quitting their operation due to never ending DDoS attacks on their servers.
The Coin Wallet team is said to have recognized the cause of the attack, which is allegedly a fresh service update to add new features. This new function permitted user input, which backfired cause of lack of filtering. The attacker deceptively added some nasty code to this input field, which after server execution activated a vindictive database call that viciously manipulated the service.
CoinWallet stated that in the whole malfunctioning no customer funds were stolen all thanks to its secondary security features that were explicitly designed to avert illicit transactions.
CoinWallet staff is said to have instantly reset all user passwords along with deleting all API keys, and they also shunned their Twitter Tip Bot, post the erroneous server breach.
CoinWallet admins admit that their user passwords were “encrypted and salted,” but they are not foolproof as they can be breached time and again hence they urge their users to timely change their passwords whilst using the CoinWallet user and password combination for additional online services. The company further revealed that this incident shook their beliefs of having a fool proof account and made them question its legitimacy, keeping in view the time, cost and associated hazards, threats involved.
As a consequence of the breach, the company ownership decided to shut down the service by 1st May 2016. They further implored CoinWallet users to log into their accounts and salvage any funds they might have deposited on the service. CoinWallet is not the only Bitcoin trader to shut down their operation in the past month. A proprietorship is also game for a takeover if provided.
Preceding the data breach, CoinWallet was adept at making Bitcoin trades and transactions in 82 different types of crypto-currencies, from the renowned Bitcoin and Dogecoin to the murkier Cannabiscoin, Solarcoin, and Metalcoin. During the same weekend, another Bitcoin trader the ShapeShift service was struck by a similar cyber-incident on April 7, and disrupted its service for an estimative future, vowing to reorganize its whole infrastructure from the scratch.