In a statement posted on its homepage, the exchange reveals that a user’s wallet may have been compromised on Sunday, January 4th, 2015.
The problems first surfaced when a Reddit user posted how after trying to deposit Bitcoins to a Bitstamp account, the amount had disappeared before reaching their balance.
The user then contacted customer support, which replied with an email urging them to not make any Bitcoin deposits to their previously issued Bitstamp deposit account.
The exchange has since expanded its recommendation to cover all Bitstamp users.
In response to the incident, Dogecoin creator Jackson Palmer has speculated that the reported issues may be due to two specific attack vectors: compromised public/private keys or an R-value attack.
Last month, a white hat hacker on Blockchain discovered a number of “broken” keys after using a script that scanned for recently added data and repeated ‘R values’ on the Bitcoin blockchain.
Commenting on his find, the hacker said: “Every Bitcoin transaction is signed by two values – ‘R’ and ‘S’ – which prove that the sender knows the private key. If the same R value is used twice, the private key can be easily computed from the signatures alone.”
The hacker ultimately accumulated hundreds of Bitcoins as a result of the problem but returned all of them to their rightful owners after Blockchain fixed the issue.
The fact that Bitstamp references users’ previously issued addresses suggests that the exchange may be experiencing the same problems as Blockchain.
Those who use their Bitstamp accounts in an automated manner, such as for mining payouts or for other regular deposits, are most affected by this issue. Even so, it is strongly recommended that Bitstamp users not interact with their accounts in this fashion and instead store their Bitcoins in a non-exchange account.