Two of the leading Bitcoin exchanges – Bitstamp and Bitfinex temporarily stopped operations yesterday. That included the movement of funds in an out of customers’ accounts, and new user registrations. All due to a serious security vulnerability called Heartbleed, which affects the widely-used Open SSL cryptographic software library.
Normally all the memory on the systems protected by Open SSL would be safe and secure from cyber attackers. However, the vulnerable versions of Open SSL allowed stealing of the information that under normal circumstances would be protected by the SSL/TSL encryption. SSL/TSL is used to secure privacy and communication over the Internet for a variety of applications including email, IM, web and even some VPNs. Heartbleed allows attackers to read the memory of the targeted device (running a vulnerable version of Open SSL), therefore compromising the encrypted keys used by the device. This in turn allows easy eavesdropping on most communications, and being able to create different identities for users and services with stolen data, such as usernames and passwords.
Vulnerable versions of Open SSL are still open to these attacks. The solution is Fixed OpenSSL, which now has to be adopted to fix the issue.
Bitstamp and Bitfinex have both issued statements regarding the vulnerability and have taken steps towards fixing the issue.
BitPay – a Bitcoin payment processor has published a renewed SSL certificate, noting that maintenance of your cryptographic identity is essential.