The Bitcoin exchange service Bitstamp suffered from a hack, but it remains unclear as to what the attackers stole, other than customer email addresses.
A Bitstamp user reported receiving a malicious email that attempted to trick him into installing malware disguised as a PDF document.
Eleuthria, the operator of BTC Guild, said the Bitcoin exchange’s mailing list ended up stolen. Apparently, attackers stole the email addresses around two weeks ago and they ended up used to send out fake BTC Guild support emails informing recipients about a 3.201 Bitcoin transfer.
“I informed Bitstamp that they had at least a breach on their email list, if not the rest of their system. At first they denied it, but in a follow up they eventually admitted to it. They then sent out a little security update email mentioning 2FA/password security,” Eleuthria said.
Bitstamp then posted a tweet to warn customers about new phishing emails carrying the subject line “Bitstamp trading will be suspended for 24 hours.”
Later, they introduced two-factor authentication for Bitcoin and Ripple withdrawals.
On February 11, Bitstamp suspended Bitcoin withdrawal processing due to a denial-of-service (DoS) attack. Automated processing for withdrawals resumed February 15.