Flexcoin, a Website that once billed itself as the “world’s first Bitcoin bank,” is reporting a massive robbery.
The theft was a crippling blow, the posting continued: “As Flexcoin does not have the resources, assets, or otherwise to come back from this loss, we are closing our doors immediately.”
Those who kept Bitcoins in Flexcoin’s cold storage, however, might have reason to hope: “Once identified, cold storage coins will be transferred out free of charge. Cold storage coins were held offline and not within reach of the attacker.” Flexcoin’s administrators “will attempt” to work with law enforcement to trace the hack, and will post updates to Twitter “as soon as they become available.”
In its Terms of Service, Flexcoin claimed that all Bitcoin transactions involved HTTPS with a valid SSL Certificate (and 256-bit AES encryption), in addition to whatever other security measures the “bank” may have put in place on the backend. That ToS also absolves Flexcoin’s shareholders from liability for any lost Bitcoins, which could infuriate customers who were somehow unaware of the risks of dealing in a crypto-currency without government backing.
Flexcoin isn’t alone in suffering a major Bitcoin hack: the Japan-based Mt.Gox Bitcoin exchange, one of the world’s most prominent, went offline in February amidst speculation that hackers had stolen most—or maybe all—of the Bitcoins under its stewardship; based off unauthenticated documents, Wired estimated that Mt.Gox may have lost as much as 744,408 Bitcoin, the equivalent of $350 million. If that wasn’t enough, Silk Road 2 (the reincarnation of the famed illicit-goods e-commerce site) recently reported losing $2.7 million worth of Bitcoin in a hack, which that site’s administrator blamed on a flaw in the “transaction malleability” protocol of Bitcoin that allowed for repeated withdrawal of coins from the system.
That same “transaction malleability” is widely blamed for the Mt.Gox heist—which means the crypto-currency could have a significant vulnerability baked into its very code.