Data breaches are a serious threat to platform security and consumers’ private information, and there is no end in sight to the damage these attacks can cause. Even companies active in the digital currency world are not safe from harm, as Coinwallet is shutting down due to a data breach.
Also read: The Bitcoin.com Podcast: Trace Mayer
Another Bitcoin Platform Suffers Data Breach
On April 6th, the Coinwallet team noticed something was wrong with the backend of their platform. As it turned out, the company suffered from a data breach, which was made possible due to a minor error in the platform’s code. Although security checks were put in place to ensure this weakness could not be exploited, hackers managed to circumvent the precautions.
What this vulnerability does is check and sanitize user input on a recently added function, effectively preventing assailants from injecting malicious code. As most people are aware of, malicious code injection can be quite harmful, usually leading to databases being hacked, with data breaches to follow.
Taking necessary security precautions is one thing — such as a backup security system — but it is not a complete solution in the long run. Luckily for all Coinwallet users, no funds have been lost during this attack. Other Bitcoin and digital currency platforms have not always been so lucky in the past.
The Coinwallet statement reads:
“As mentioned above all coins are safe and available for immediate withdrawal. Given the large number of transactions that will occur over the next few days and weeks, we expect there may be some delays in processing some transactions. Please be patient and rest assured we will process all transactions as quickly as possible and make sure all outstanding transactions are processed before we close.”
For the time being, the company is still investigating the matter to determine what type of details may have been leaked during the breach. Users are advised to change their passwords on all other online platforms they use — especially digital currency-related ones — to avoid the hackers logging into their other accounts with the same information.
The Road Ahead for Coinwallet Users
Coinwallet wants to stress they took all of the necessary steps to ensure the database information was encrypted, and passwords are salted as well. That being said, if the hackers take their time, it is not impossible for them to crack the code and reveal the passwords used by Coinwallet users. Such a statement could indicate the company used a weaker form of encryption, although no details have been confirmed as of yet.
All of the user passwords have been reset, and users have been alerted by email. Moreover, Coinwallet has also deleted all of the previously generated API keys and shut down their Twitter Tip Bot as well. But the biggest announcement is how all users need to withdraw their outstanding Bitcoin balances before May 1st, 2016.
What are your thoughts on the Coinwallet breach? How could platforms prevent these issues from happening? Let us know in the comments below!
Images courtesy of Shutterstock, Coinwallet