Several users of Purse.io, a P2P service provider allowing to shop on Amazon with bitcoins, reported receiving unauthorized password reset emails which was quickly followed by unauthorized withdrawals of money from their accounts.

Reddit user akreider first reported the incident on Sunday, 11 October.

Other redditors soon confirmed their accounts were striped too.  In the meantime the service went offline upon the pretext of maintenance.

Later Purse.io resumed its operations. The company admitted that security breach did happen while denying any client funds were affected.

Purse.io stated that neither hot nor cold wallets were compromised, and users with two factor authentication (2FA) were not affected. The company advised its users to activate 2FA and revealed it was pondering on making it mandatory. However a Reddit user aaronsta1 claimed he had enabled 2FA and still lost his money.

Recently the company published an update finally admitting that 11 user accounts were hijacked and hackers managed to withdraw 10.235 BTC.

At the beginning of the year two large bitcoin marketplaces BitStamp and LocalBitcoins were hacked with a loss of customers’ funds. Later on, BTER, a Chinese bitcoin exchange, also suffered hacker attack and lost 7,170 BTC (approximately $1.75 million) from their cold wallets in mid-February. In June an undisclosed “significant” sum of bitcoins was lost due to attack against cloud mining service Scrypt.CC.

Nadya Krasnushkina