As much as I regret the post I am about to write I feel that it is only fair and holding to the spirit of BitFloor that I disclose everything that is going on and make the information available. Please read the entirety of the post. As always, if you have any questions please post them here versus contacting support so that other users may benefit from the answer (unless it is private).
Last night, a few of our servers were compromised. As a result, the attacker gained accesses to an unencrypted backup of the wallet keys (the actual keys live in an encrypted area). Using these keys they were able to transfer the coins. This attack took the vast majority of the coins BitFloor was holding on hand. As a result, I have paused all exchange operations. Even tho only a small majority of the coins are ever in use at any time, I felt it inappropriate to continue operating not having the capability to cover all account balances for BTC at the time.
Due to the serious nature of what has happened I am currently evaluating options for BitFloor. One of the last things I want to happen is for BitFloor to shutdown and cause more panic in the bitcoin community. The platform itself is very valuable and provides an important and friendly service to many users.
BitFloor is very much focused on the end user and creating a reliable and trusted platform for everyone. Through exchange user support, I can continue to operate BitFloor. I believe that posting the exchange source and being even more transparent about operations would be a step in this direction if we were to continue operating. BitFloor is currently the #4 USD exchange and #1 in the US.
As a last resort, I will be forced to fully shut BitFloor down and initiate account repayment using current available funds. I still have all of the logs for accounts, trades, transfers. I know exactly how much each user currently has in their account for both USD and BTC. No records were lost in this attack.
I realize that saying that I appreciate everyone's understanding is a moot point, however I do wish to re-iterate that my goal is to find the best and most reasonable way forward for BitFloor customers and the exchange and not create more panic that the community has already seen time and time again.
I would like to keep this thread focused on evaluating ideas of BitFloor operation and will create a separate thread for discussion (see below) about the actual transactions and tracing the coin theft. I will not speak at detail about the actual breach at this time as my current focus is on the future and not the past.
In the intrest of information for tracking stolen coins:
https://bitcointalk.org/index.php?topic=105819.0~Roman
This thread is the sister thread to the "bitfloor needs your help" thread here
https://bitcointalk.org/index.php?topic=105818.0It is meant for the tracking and discussion of the stolen coins from BitFloor.com
The attack came from the following IP:
178.176.218.157
And the coins were withdrawn with the following transactions:
83f3c30dc4fa25afe57b85651b9bbc372e8789d81b08d6966ea81f524e0a02be
d5d23a05858236c379d2aa30886b97600506933bc46c6f2aab2e05da85e61ad2
f9d55dc4b8af65e15f856496335a29e2be40f128a7374c75b75529e864579f93
42ea472060118ee5aee801cdedbc4a3403f3708a87340660f766e2669f0afeb0
358c873892016649ace8e9db4c59f98a6ca8165287ac80e80c52e621f5a26e46
Obviously it is high hopes to have the coins returned, but I do feel that the community can always benefit from more knowledge about high profile thefts and the aftermath.