Customer Bitcoins Stolen in Purse Email Breach

Bitcoin startup Purse has disclosed that 10.235 BTC in customer funds were stolen over the weekend during a security incident.

AccessTimeIconOct 12, 2015 at 9:16 p.m. UTC
Updated Aug 18, 2021 at 4:16 p.m. UTC

Presented By Icon

Election 2024 coverage presented by

Stand with crypto

Bitcoin startup Purse said today that 10.235 BTC (roughly $2,500) in customer funds were stolen over the weekend during a security incident.

Eleven customers had their accounts emptied, according to Purse representatives, who reported they had covered the bitcoins withdrawn with company funds.

  • Bitcoin Mining in the U.S. Will Become 'a Lot More Decentralized': Core Scientific CEO
    13:18
    Bitcoin Mining in the U.S. Will Become 'a Lot More Decentralized': Core Scientific CEO
  • Binance to Discontinue Its Nigerian Naira Services After Government Scrutiny
    05:10
    Binance to Discontinue Its Nigerian Naira Services After Government Scrutiny
  • The first video of the year 2024
    04:07
    The first video of the year 2024
  • The last regression video of the year 3.67.0
    40:07
    The last regression video of the year 3.67.0
  • Claims that funds were stolen first emerged over the weekend, with customers reporting that they had received emails about password resets and withdrawals. Purse.io’s website was later taken offline for several hours.

    The bitcoin-focused e-commerce company said on 11th October that it believed one of its email service providers had been compromised. At the time, the company said that "all funds are secure".

    CEO Andrew Lee told CoinDesk that funds controlled by the company were temporarily moved into an offline wallet following the shutdown, including its profit accounts, while the team began investigating the thefts.

    “We actively monitor our customer liabilities against the funds we control. During our downtime, we determined funds we control exceeded customer liabilities [and] the unauthorized withdrawals (10.235 BTC) implying user funds were secure," he said in an email. "Profit from one to two days was used to reimburse the withdrawals.”

    Lee added that Purse “will publish technical details of the attack in the coming days”. He also denied reports that funds were stolen from accounts with active two-factor authentication (2FA).

    “No accounts with 2FA enabled before the attack were affected. Reports of accounts with 2FA being compromised are not accurate. Some users enabled 2FA after they received reset password emails,” he said.

    Theft image via Shutterstock

    Disclosure

    Please note that our privacy policy, terms of use, cookies, and do not sell my personal information have been updated.

    CoinDesk is an award-winning media outlet that covers the cryptocurrency industry. Its journalists abide by a strict set of editorial policies. CoinDesk has adopted a set of principles aimed at ensuring the integrity, editorial independence and freedom from bias of its publications. CoinDesk is part of the Bullish group, which owns and invests in digital asset businesses and digital assets. CoinDesk employees, including journalists, may receive Bullish group equity-based compensation. Bullish was incubated by technology investor Block.one.


    Learn more about Consensus 2024, CoinDesk's longest-running and most influential event that brings together all sides of crypto, blockchain and Web3. Head to consensus.coindesk.com to register and buy your pass now.