The popular online dogecoin wallet service Doge Vault has revealed that 280 million of the 400 million dogecoins it held for its customers have been stolen, equating to almost £75,000.
The cyber attack took place last Sunday, 11 May but was only noticed a day later. Doge Vault then shut down its website as it investigated the incident.
In an updated statement posted on its site on Thursday evening, the creator of Doge Vault, Asad Haider said:
"We regret to announce that on the 11th of May, attackers compromised the Doge Vault online wallet service resulting in wallet funds being stolen. After salvaging our wallet we have ascertained that around 280 million dogecoins were taken in the attack, out of a total balance of 400 million kept in our hot wallet. 120 million dogecoins have been since recovered and transferred to an address under our control."
At the current value of dogecoin (£0.000267) the stolen cryptocurrency is worth £74,760.
Customer database compromised
Haider said he believed the attacker gained access to the node on which Doge Vault's virtual machines were stored, which gave them full access to the site's systems.
Haider warns: "It is likely our database was also exposed containing user account information; passwords were stored using a strong one-way hashing algorithm. All private keys for addresses are presumed compromised, please do not transfer any funds to Doge Vault addresses."
While storing hashed passwords is better than storing them in plain text, it has been shown that those with the right tools can easily crack this type of encryption.
It means that Doge Vault customers are strongly advised to change the password on any accounts which use the same password.
Haider promised that the company will "make every effort to refund all recovered dogecoins to users" with more information on this and on the attack after it has completed its investigation.