In a message posted to their website, Coinwallet.co announced that their wallet service has suffered a data breach and that they are closing down their wallet permanently.
According to Coinwallet, the wallet was hacked on April 6 due to an error in their code where they weren’t sanitizing a user input which was exploited by the hackers to gain access to their database. Luckily, it appears they had a backup security system, which was initiated and according to the wallet provider no customer coins were lost. However, it seems the attackers were able to gain access to some database information such as passwords, as they advised all users to change passwords anywhere they were using the same password that they used on Coinwallet.co.
Due to the security breach, Coinwallet said they are closing down and not reopening. They said,
This incident prompted us to reassess the viability of running coinwallet.co and it was decided it is just not viable taking into consideration the risk, costs and time involved.
All Coinwallet users have to withdraw any coins they have in their wallet by May 1, 2016. Here is the statement in full on their website:
It is with great regret that we announce the closure of CoinWallet.co.
Our decision to close is based on several factors. Primarily, on the 6th of April we suffered a data breach.
Despite our best efforts there was a small error in a part of our code that should have checked and sanitized user input on a recently added function. Checks were in place but the check was then subsequently not used to block the database call.
Our backup security system kicked in as it was designed to and no coins were lost. We have since patched the vulnerability but are still trying to determine the extent of the breach. However it would be advised to change passwords on any other crypto related websites where you use the same password and username as coinwallet.co. We used encrypted and salted passwords but given enough time these should be assumed compromised.
Effective immediately, we have reset all passwords, deleted all API keys, and halted the twitter Tip Bot.
This incident prompted us to reassess the viability of running coinwallet.co and it was decided it is just not viable taking into consideration the risk, costs and time involved.
As mentioned above all coins are safe and available for immediate withdrawal. Given the large number of transactions that will occur over the next few days and weeks, we expect there may be some delays in processing some transactions. Please be patient and rest assured we will process all transactions as quickly as possible and make sure all outstanding transactions are processed before we close.
Again, the decision to close was not taken lightly, especially given we had several large updates in the works and plenty of plans for the future.
We hope you enjoyed using coinwallet.co.
If anyone has the time to devote and is interested in taking over CoinWallet.co you can contact us at: support@coinwallet.co
