A few weeks ago we reported that the U.S.-based bitcoin exchange BitQuick was hacked. BitQuick responded by taking the exchange offline immediately and releasing a statement. The company has since updated its site and brought it back online; however, the exchange is still not operational, and BitQuick has released an updated statement.
In the new statement, BitQuick says that the hackers who accessed its exchange and database have likely leaked the database, and that the hackers were able to gain access to customer phone numbers, first and last names, and email addresses. The company stated that no sensitive financial information was stored in the database. BitQuick said that the exploit happened through its receipt upload page, quite possibly due to a SQL injection vulnerability in the upload function code. It also said that all customer PINs and IDs remain secured, although it’s unclear from the statement how they are secure if the entire database was compromised.
At this time it’s still unclear if and when the exchange will come back online and be operational, but BitQuick remains optimistic that it will come back after a security audit in 2-4 weeks.
Here is the statement in full.
We sincerely appreciate your loyalty and patience while we go through this process. It’s a shame that Bitcoin services are targeted so heavily by cyber-criminals, but we will not return until we have the utmost confidence that our platform is secured once again. We realize that we have a truly unique service, not only because of how our platform works, but more importantly because of the way we treat our customers.
We are still on schedule for the platform to return as well. No files or information in the database were destroyed. We have nearly concluded our investigation on the issue, and have determined that our receipt upload function was likely the source of the exploit. We have also discovered that our database was likely leaked. No sensitive financial information was stored in the database, but phone numbers, first and last name and email addresses were released. Please look out for any phishing emails that may occur because of this. As previously stated, all modification PINs and IDs remain secured.
We are now working on re-securing our code base, and performing an additional security audit. We are still targeting 2-4 weeks from now to be back up, but there may be additional delays. We will keep you all updated! We are optimistic that the platform will be back better than before. In the meantime, please email us any questions you may have!