After hack, Bitcoin exchange comes back online

BitFloor's founder said he intends to pay back victims, but it will take time

A small New York-based company that specializes in exchanging Bitcoins is back online after hackers stole about US$250,000 worth of the virtual currency earlier this month.

Roman Shtylman, founder of BitFloor, said by phone from London on Monday he reported the theft to the FBI and that he intends to pay back victims whose Bitcoins were stolen.

"How long that will take I don't know," Shtylman said. "Certainly for me this is a long-term plan, and I'm mostly doing this because I feel it's important to try and be clear of my intention to try and recover the coins."

Bitcoin is a virtual currency, created by a mysterious person who went by the name "Satoshi Nakamoto" and has extensive knowledge of cryptography. Bitcoins are transferred using software programs that connect to a peer-to-peer system that cryptographically verifies the transaction.

Bitcoin "miners" are people who have built heavy-duty computing systems which maintain the integrity of the transaction system. For their work, they are periodically awarded Bitcoins, which have a fluctuating market value and can be traded for cash on exchanges such as BitFloor.

Nakamoto launched Bitcoin in early 2009. He was active in the Bitcoin community at the onset, and then disappeared: no one has conducted an interview with him, and efforts to uncover his true identity have been fruitless. A nine-page white paper written by Nakamoto describes the system.

Unsurprisingly, Bitcoin exchanges are prime targets for hackers, and several exchanges have been hacked. Because of how Bitcoin's peer-to-peer system is designed, transactions are irreversible unless the receiver of the Bitcoins chooses to send some back to the sender.

All transactions using Bitcoin are publicly recorded. Users have a 32-character alpha-numeric address, which is used to transfer funds. That address -- and the receiving address -- are available to see on websites such as

According to those records, the hacker has not transferred or spent the funds, Shtylman said. While Bitcoin offers a high degree of anonymity for Bitcoin-only transactions, at some point, users probably want to exchange their Bitcoins for cash (one Bitcoin was trading for $12.06 on Tuesday according to the largest exchange, Mt. Gox).

Bitcoin exchanges need a certain amount of information from users in order to pay them, including a person's name and bank account details. That offers a potential opportunity to trace a thief. Bitcoin has drawn attention, but no country has tried to regulate it, and exchanges do not want to be linked to money laundering or other shady deals.

Shtylman said the hack was devastating, and the cost well exceeded revenues he had made since he launched trading on BitFloor in October 2011. The loss, amounting to about 24,000 Bitcoins, was his fault: he had left the private keys -- needed to unlock and transfer Bitcoins -- on an unencrypted disk. Bitcoin uses public key cryptography for security.

Following the hack, Shtylman attended a Bitcoin conference in London where no one expressed anger at him.

"Most users and existing members of the community have been very supportive and wanted to see BitFloor come back online," Shtylman said.

Since relaunching, Shtylman said he is now keeping private keys in so-called "cold storage," or on offline computers not connected to BitFloor's exchange. All funds that are live on the exchange will be backed by BitFloor, he said.

"We are never going into a situation where we are doing fractional reserve," Shtylman said, where funds belonging to customers are also used for other purposes.


Stories by Jeremy Kirk
