Someone once said something about eggs and a single basket…
Flexcoin is shutting down. (March 3 2014)
On March 2nd 2014 Flexcoin was attacked and robbed of all coins in the hot wallet. The attacker made off with 896 BTC, dividing them into these two addresses:
As Flexcoin does not have the resources, assets, or otherwise to come back from this loss, we are closing our doors immediately.
Users who put their coins into cold storage will be contacted by Flexcoin and asked to verify their identity. Once identified, cold storage coins will be transferred out free of charge. Cold storage coins were held offline and not within reach of the attacker. All other users will be directed to Flexcoin’s “Terms of service” located at “Flexcoin.com/118.html” a document which was agreed on, upon signing up with Flexcoin.
Flexcoin will attempt to work with law enforcement to trace the source of the hack.
Updates will be posted on twitter as soon as they become available.
Update (March 4 2014)
During the investigation into stolen funds we have determined that the extent of the theft was enabled by a flaw within the front-end.
The attacker logged into the flexcoin front end from IP address 22.214.171.124 under a newly created username and deposited to address 1DSD3B3uS2wGZjZAwa2dqQ7M9v7Ajw2iLy
The coins were then left to sit until they had reached 6 confirmations.
The attacker then successfully exploited a flaw in the code which allows transfers between flexcoin users. By sending thousands of simultaneous requests, the attacker was able to “move” coins from one user account to another until the sending account was overdrawn, before balances were updated.
Flexcoin has made every attempt to keep our servers as secure as possible, including regular testing. In our ~3 years of existence we have successfully repelled thousands of attacks. But in the end, this was simply not enough.
Having this be the demise of our small company, after the endless hours of work we’ve put in, was never our intent. We’ve failed our customers, our business, and ultimatley the Bitcoin community.
Please direct any and all questions to admin(at)flexcoin(dot)com and we will reply to you as soon as possible.