Why was the site down?
As an additional security measure, we suspended our systems and disabled our website to preserve the forensic environment, to engage with authorities to fully investigate the incident, and to redeploy from a secure backup a totally new instance of our code and platform on totally new hardware. We also moved our hosting location from a local hosting site to Amazon Web Services (in the EU) and implemented multi-sig technology to further improve security—the first major exchange to do so.
Did you lose my bitcoins?
Bitstamp experienced a security breach on Jan. 4th. Security of our customers’ bitcoin and information is a top priority for us, and as part of our stringent security protocol we temporarily suspended our services on January 5th. All bitcoin held with us prior to the temporary suspension of services starting on January 5 (at 9 a.m. UTC) are completely safe and will be honored in full. We are currently investigating and will reimburse all legitimate deposits to old wallet addresses affected by the breach after the suspension.
What are you doing to compensate customers for the inconvenience?
As a thank you to our loyal customers for their patience while we were offline, we are waiving all commission fees for one week (through 11:59pm PM UTC on Jan. 17th, 2015).
If I deposited bitcoin after January 5th 9am UTC will those deposits be honored?
We are currently investigating any deposits made during the time of the breach and will reimburse all valid deposits upon confirmation. We will be in touch individually with affected customers. Please note wallet balances may initially appear lower as a result of the breach, but we will be honoring any missing bitcoin soon once legitimate deposits are validated.
Will previously open orders be executed ?
No. To protect customers from market movements during our temporary suspension of services, all open non-executed orders have been canceled as of 9am UTC on January 5th. Customers should enter new orders based on today's conditions. Trading will resume at 21:00 UTC on January 9th.
Is the January 2015 security breach the same thing that happened to Mt. Gox?
Absolutely not. This breach represents a small fraction of Bitstamp’s total bitcoin reserves, the overwhelming majority of which are held in secure offline cold storage systems. We were able to identify the breach and immediately shut down our services. We are currently working with law enforcement officials, and all bitcoin held with us prior to our temporary suspension of services are completely safe and will be reimbursed in full. As a thank you to our customers for their patience, we are also waiving all commission fees for a week.
Can I deposit bitcoin?
Customers can deposit bitcoins into the newly issued deposit addresses - issued from January 9th 2015. Customers should NOT deposit into old addresses issued prior to January 9th, 2015 as those deposits can not be honored.
Can I withdraw bitcoin?
Yes - we are fully operational and customers can resume all transaction activity, including all bitcoin and USD deposits and withdrawals.
Why didn't you notify me via email?
We sent emails to customers as soon as we identified the potential breach, advising them not to deposit any bitcoin into previously assigned addresses. As a security precaution, we temporarily suspended our services including our website, and shared an update on the homepage. We also posted on Twitter, Facebook and Google+ in an attempt to reach as many of our users as possible.
How soon can I expect to hear back from customer support if I have an account question?
Due to the unusually high number of inquiries we are receiving, we may be slower than normal to respond to support emails. We are doing our best to respond to inquiries in a timely manner, in the order they’re received. Thank you for your patience during this time.
What law enforcement agencies are involved in the investigation?
Bitstamp is working closely with US and international law enforcement agencies specializing in digital-currency.
What happened to my personal info? Is it safe?
We have no reason to believe that any personal or customer data has been compromised.
Didn’t you experience a breach earlier this year?
Earlier this year some of our customers reported receiving suspicious emails, which were found to contain malware. We’ve also been targeted in a large DDoS attack that also went after other companies in the space. In both instances, we acted quickly and took the precaution of temporarily disabling the accounts immediately. No bitcoin was stolen from any of our customers in either of those incidents.
What additional security measures have been implemented since the breach?
We have integrated BitGo’s multi-sig technology. Bitstamp is now the first and only major bitcoin exchange to incorporate the industry's best security practices available today.
Did physical operations for Bitstamp move to the US?
No, the team and physical operations remain in the EU. Some of our team was in the US during the breach, but no operations were moved.