by Constantine von Hoffman

Bitcoin Theft of $90,000 is a Real Whodunnit

May 17, 20123 mins

Bitcoinica, a provider of online virtual currency, was recently robbed for the second time in 10 weeks, and the circumstances are suspicious, to say the least. Unfortunately, the company can't call in the authorities, since it's unclear which agency would have jurisdiction over the incidents.

Last week’s theft of $90,000 in Bitcoins from the Bitcoinica website is beginning to look a lot like an episode of Law & Order.

Background: Bitcoins are a virtual currency that’s pretty much impossible to trace. The FBI and others are concerned Bitcoins could be used for criminal purposes. Bitcoinica is “an exchange that enables leveraged speculation in its contract-for-difference market against the Bitcoin to USD (BTC/USD) exchange rate. The service charges no trading fees but instead earns from the trading spread — similar to how forex trading functions.”

On May 11, Bitcoinica’s 17-year-old founder, Zhou Tong, posted on the Bitcointalk blog that the virtual bank had apparently been robbed: Today, we have discovered a suspicious Bitcoin transaction that doesn’t seem to be initiated by any one of the company owners. Some of them are not online at the moment so this is not conclusive,” he wrote.

The attack happened two weeks after Zhou dropped the reins of Bitcoinca’s daily operations, and he sold the company to an undisclosed investor back in November 2011. The new owners posted this on the site:

“The overwhelming majority of our bitcoin deposits were not stolen. The thief stole from us not you. All withdrawal requests will be honored.”

The post also said a database of user names, e-mail addresses and account histories was accessed and some encrypted data may have been compromised. It urged customers who reuse their Bitcoinica passwords on other sites to change them and also added:

“Even full access to website database would not give the attacker access to this data. We will have more to say soon about the circumstances surrounding this attack and what we will do to handle it.”

Zhou later posted in an online forum that hackers had broken into a Rackspace-hosted server after they managed to reset a password, most likely through an automated e-mail. And Zhou said he will retire from all bitcoin-related projects after this incident is resolved.

The reasons why Zhou sold the company are unclear, to say the least. In the related post, he wrote, “In November, an investor approached me to acquire Bitcoinica. Due to regulatory concerns, I agreed to the deal and signed the agreement.” He also said he sold it for a good price. However, earlier in the post Zhou said that after just a week of trading on the site, “volume passed one million dollars. I started making profits like crazy.”

“It feels great to have an experimental project become the ‘best thing since sliced bread,’ and run one of the most profitable businesses in a new economy. Bitcoinica has a total historical revenue equivalent to about 0.67% of the whole Bitcoin economy. Not even Apple can match this record in the real world economies.”

Does that sound like a person who wants to sell his company? Zhou was not only the Bitcoin president and inventor, but also its sole employee.

It is also worth noting that the latest incident is the second Bitcoinica robbery in 10 weeks. In March, attackers stole 43,000 bitcoins after they compromised servers provided by Web-hosting company Linode. A single bitcoin is currently worth around $5, so that’s a lot of electronic dough.

You can’t call in the cops because no one has any jurisdiction here. If you were the police and you were investigating, who would be your primary suspect?