Bitcoin, crime chronicles: Bitfloor PWND!

In the continuation of the topic of hacking Bitcoin exchanges.

On the night of September 4-5, another exchange fell victim to hackers. This time the target of the attack was the Bitfloor exchange (No. 4 by volume in US dollars), which is owned by an American of Russian origin, Roman Shtilman. The attackers got 24,000 BTC that at the current rate is about 250 thousand US dollars.
As always, the hacking story is pretty mysterious.
August 31 appeared inconspicuous topic that Bitfloor down. Roman's official comment, “Don't worry, everything is okay, they just turned off the electricity in the data center (?! What about the backup sources),” and everyone’s assurances that there are no safety issues.
“All funds are secured and shouldn't be operating normally soon.”

This is where the suspicious things started. Some Exchange users received the following notification:
“... there may have been some recent unauthorized activity that has been compromised.”. Note, it was August 31.

And on the night of September 4, something that everyone already knows happened. And again, the cause of misfortune was the neglect of elementary information security standards. Details in the presentation of the novel look very simple:

• The purse file was stored on an encrypted disk partition, but the backups of these files, which he made manually during the next update, were stored in an unencrypted form (facepalm).
• ALL bitcoins were stored directly in the hot wallet, and the offline cold wallet was not used (quad facepalm).

The good news is that stocks in US dollars remain intact.

Proponents of conspiracy theories have gone further, and as a result of uncomplicated searches, some even stranger details come to light:
')
http://webcache.googleusercontent.com/search?q=cache:UYt4pj002acJ:https://bitfloor.com/about+&cd=1&hl=en&ct=clnk&gl=us is the saved version of the contact information from bitfloor.com
buybitcoin.com/home/contact - contact details of a virtually unknown stock exchange owned by a dubious person named Bruce.

This data is adjacent mailboxes, and phone numbers with the same prefix (1-646-580-XXXX), provided by the same small company BandWidth.com. Given that there are hundreds of prefixes in the 646 code, and BandWidth.com owns only the 17th ...

Suspiciously, but no more than that, there is no more evidence about Bruce’s involvement in the imitation of hacking, and these coincidences remain only additional mysteries.

References:

1. yro.slashdot.org/story/12/09/05/1238214/bitfloor-joins-list-of-compromised-bitcoin-exchanges
2. paritynews.com/security/item/266-bitcoin-exchange-bitfloor-shut-down-after-attacker-steals-24000-btc
3. bitcointalk.org/index.php?topic=105818.0 - Roman calls on users to help determine the future fate of the exchange.

Follow the "last path" of stolen money can be on the links.

blockchain.info/tx/83f3c30dc4fa25afe57b85651b9bbc372e8789d81b08d6966ea81f524e0a02be - 16,120 BTC
blockchain.info/tx/d5d23a05858236c379d2aa30886b97600506933bc46c6f2aab2e05da85e61ad2 - 1,000 BTC
blockchain.info/tx/f9d55dc4b8af65e15f856496335a29e2be40f128a7374c75b75529e864579f93 - 6,400 BTC
blockchain.info/tx/42ea472060118ee5aee801cdedbc4a3403f3708a87340660f766e2669f0afeb0 - 60 BTC
blockchain.info/tx/358c873892016649ace8e9db4c59f98a6ca8165287ac80e80c52e621f5a26e46 - 498.39 BTC