It’s not easy to run a Bitcoin company. There are so many different laws to comply with in every single country, many of which has not yet decided if it is a currency or a commodity. On top of that you need to invest heavily into security to ensure your customers funds, all while making just a fraction on your customers.
Purse.io is a Bitcoin e-commerce startup that offers customers the possibility to spend Bitcoins in a simple way. The site was had a security incident this weekend, which ended up with just over BTC10 stolen from customers accounts, 11 being breached in total.
Purse has already covered all balances that was stolen from the site and said that it is very likely that it was their email provider who had been compromised and thus providing hackers access to customer accounts by resetting their passwords, as users reported having happened over the weekend.
Purse originally took down their site for several hours while fixing the issue and believed that the accounts would be unaffected, but they weren’t. There were also rumours circulating that accounts with 2 factor authentication was hacked, but that was quickly denied by Purse.
“We actively monitor our customer liabilities against the funds we control. During our downtime, we determined funds we control exceeded customer liabilities [and] the unauthorized withdrawals (10.235 BTC) implying user funds were secure," he said in an email. "Profit from one to two days was used to reimburse the withdrawals.” CEO of Purse, Andrew Lee told Coindesk.
“No accounts with 2FA enabled before the attack were affected. Reports of accounts with 2FA being compromised are not accurate. Some users enabled 2FA after they received reset password emails,” He added.