Update: On Tuesday morning, the Dogevalut website was updated to show the following message:
On the 11th of May, the Doge Vault online wallet service was compromised by attackers, resulting in a service disruption and tampering with wallet funds.
As soon as the administrator of Doge Vault was alerted, the service was halted. The attackers had already accessed and destroyed all data on the hosted virtual machines.
We are currently in the process of identifying the extent of the attack and potential impact on user's funds. This involves salvaging existing wallet data from an off-site backup. We will also closely be investigating potential attack vectors, and determining the security breach which enabled the attacker's to compromise the service.
Please do not transfer any funds to Doge Vault addresses while our investigation is under way.
Thank you for your patience - we will issue an additional statement including our findings and plan of action within the next 24-48 hours.
Email firstname.lastname@example.org for any enquiries.
When the website of a cryptocurrency exchange or wallet service goes down, it’s usually a bad sign. If history is any guide, it means the company’s systems were hacked and the coins once contained inside were looted by thieves.
That was the first though that likely ran through the minds of many users of the popular Dogecoin wallet service Dogevault Monday morning when they were greeted the following message upon attempting to access their accounts this morning (click for full size):
Company representatives have been tight-lipped about precisely what’s going on. They did not immediately respond to a request for comment, but have indicated that a press release will be forthcoming within the next 24 hours.
Outside of the announcement on the company’s website, there’s been complete radio silence from Dogevault representatives on social media channels as well as on the exchange’s official blog.
The Cryptocurrency Times points out that one Dogevault customer on Reddit reported seeing 950,000 of his or her Dogecoins (about $436 USD) transferred into a different account without explicit permission being given.
Dogecoin co-creator Jackson Palmer wrote on that same Reddit thread that he followed the record of that transaction through the Dogecoin blockchain and discovered that the coins were transferred into a mega-wallet that now contains some 111 million Dogecoins (about $51,000 USD)
‟My hope is that this is Dogevault's cold wallet system in action and that everything will be OK once it's back online,” wrote Palmer, who has temporarily removed Dogevault as a recommendable wallet service from his Dogecoin.com website. ‟Let's wait and see. Thanks for your patience.”
No matter what happens with the coins deposited in Dogevault, it provides a potent reminder for everyone who deals with cryptocurrencies: online wallet services aren't banks. It's unwise to treat online wallet services, not to mention cryptocurrency exchanges that also function as wallet services, as places to house large quantities of coins for long periods of time.
Not only are these services prime targets for hackers, but deposits made in them aren’t insured—so if your money is stolen from one of them, there’s really not much you can do about it. Instead, its far safer to put coins in cold storage on a home computer or on a flash drive air-gapped away from the Internet.
As the always wise Insanity Doge meme notes:
(Full disclosure: I have about $0.25 worth of Dogecoin deposited in Dogevault.)
Photo by Roberto Vasarri/Wikimedia Commons