Bitcoin Exchanges React to OpenSSL Heartbleed Bug
Over the past twelve hours, there web has been abuzz with news of an OpenSSL (an encryption library in use by many sites on the web) bug that has been deemed rather serious.
As a primer, a description from Heartbleed.com:
The Heartbleed bug allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software. This compromises the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of the users and the actual content. This allows attackers to eavesdrop communications, steal data directly from the services and users and to impersonate services and users.
The bug was discovered by IT security firm Codenomicon, and the news is not only rippling through the bitcoin community, but the entire internet.
Popular bitcoin exchange Bitstamp announced on Tuesday morning via Twitter that they’ve turned off ‘accregistration’ (which we assume to be account registration), account log-ins, and withdrawals until they are protected from the Heartbleed bug.
The measure is precautionary. The tweet was followed up with this note on the exchange’s website:
Dear Bitstamp clients,
After reported vulnerabilities in OpenSSL, we applied necessary patches to our system. Incapsula, our DDOS mitigation provider is still working patching their system.
In order to provide required security, both system need to be patched. We are in constant contact with Incapsula and are working with them to complete necessary procedures. Until then Bitstamp has decided to temporally deactivate:
-account registration, -account login -and all virtual currency withdrawal functions
We will keep you updated on the progress.
Thank you for understanding.
Exchange Bitfinex also announced via Twitter that they’ve halted withdrawals for about ten hours and they’re urging customers to change their credentials as soon as possible.
A user on social sharing website Reddit listed exchanges at risk of the Heartbleed bug. They include BTC-e, Bitcurex, BTC China, Cryptsy, and more.