Canada’s largest Bitcoin exchange Cavirtex announced it will soon be shutting down its operations after a suspected security breach.
In a statement made earlier this week, the Calgary-based company said it believed the compromise occurred on an older version of its database on February 15, which included two-factor authentication secrets, as well as hashed passwords.
Although it assured identification documents were not impacted, Cavirtex added it could not guarantee the confidentiality of user’s credentials, accepting the issue would likely lead to loss of customer trust, and business.
“Because security and the safety of customer funds are paramount to our mission and the success of Bitcoin in general, CAVIRTEX has determined to cease active operations in the Bitcoin business and to return all customer funds,” read the statement.
We believe that the damage to the company’s reputation caused by the potential compromise will significantly harm our ability to continue to operate successfully.
The company noted the alleged breach did not result in any loss of funds and it will continue to process exchanges made prior to March 20. However, new deposits will no longer be accepted, and withdrawals will be halted following March 25.
Customers are urged to change passwords and wipe Cavirtex cookies from their browsers.
The company is just one of many Bitcoin exchanges to have witnessed attacks from cybercriminals, with multiple companies losing hundreds of thousands of dollars worth of cryptocurrency.
Recently, UK-based Bitstamp suspended its service after hackers stole 19,000 bitcoins from its “hot wallets.” Meanwhile, Chinese BTER exchange also announced this week it had lost roughly $1.75 million in digital currency to hackers.
“A challenge with these Bitcoin exchanges is often touted as one of its strengths—no centralized authority,” said Tripwire Senior Security Analyst Ken Westin.
Without a central authority, these exchanges are largely unregulated and do not have security requirements or insurance you would find with traditional currencies via banks and more traditional financial services entities, he explains.
“This lack of regulation means that the exchanges have no standards for security, so many of these exchanges are building systems and have a ‘roll your own’ model for security tools and configuration.”
As the potentials of digital currency continue to bring much debate, the non-profit Cyptocurrency Certification Consortium (C4) recently proposed a set of rules aimed at standardizing security protocols used by companies that handle or store digital currencies for their clients.
“This is one of the most promising developments I have seen in this area, but until we see these standards more widely deployed, Bitcoin will remain a higher risk currency,” said Westin.