Earlier this week, the Genesis Mining development team announced that an unauthorized intrusion by an undisclosed attacker was discovered and as a result, funds stored in the company’s hot wallet were stolen and transferred to an external wallet.
Most companies in the space operate a hot & cold wallet system: Hot wallet refers to wallets that are connected to the internet and cold wallet refers to wallets that are maintained offline. Many companies also work with third party service providers and blockchain security firms such as BitGo to protect hot wallets and user funds with multi-signature technology.
According to the Genesis Mining team, its hot wallet was hacked and immediately after the intrusion was discovered, its platform and servers were temporarily shut down.
“On the night of Friday, July 21st, we detected an unauthorized intrusion by an attacker. This attacker gained access to a hot wallet and was able to transfer funds which we will reimburse in full. Shortly after the intrusion was detected, our team was able to shut down the attack. We immediately took steps to mitigate the issue, including enhancing our monitoring and detection capabilities, and further hardening our environment. One of those increased security measures was to delay our daily payouts,” wrote the Genesis Mining team.
Fortunately, the scale of the attack and the loss of client funds weren’t substantial and the company have been able to reimburse users, though payments have been slightly delayed. In the case of larger attacks on Bitcoin businesses such as Mt. Gox and CoinTrader, the amount of money lost caused the companies to become insolvent and cease operating.
“We want to assure you that our mining operation was not affected and is running as normal. Every single one of our customers will receive their missing payouts as soon as we’re sure about the safety and integrity of our payment system. One of the advantages of the daily payout system is that it helps prevent actual losses, even in moments like these that cause delays,” the Genesis Mining team added.
Since Genesis Mining do not collect or store credit card details, the company reported that none of their client’s sensitive financial information was leaked. More importantly, other personal data such as email addresses and phone numbers were also protected from the hackers.