Attackers tampered with the crypto-currency and disrupted service, according to a static message on the Doge Vault website, which was still non-functional three days after the incident.
By the time the hack was detected, the intruders “had already accessed and destroyed all data on the hosted virtual machines,” Doge Vault officials said.
The virtual wallet service has not disclosed the amount of Dogecoin stolen, but some have estimated the value to be tens of thousands of dollars, according to SecurityWeek.
"Attackers typically go after two types of targets: one, large amounts of financial data such as Target, Michaels Stores and TJ Maxx; or two, low-hanging fruit like universities that typically do not have strong IT security measures but good amounts of personal data," said Eric Chiu, president and co-founder of cloud security firm HyTrust, told the publication. "These new crypto-currency exchanges are a ripe target for both reasons since they can provide a good payday of anonymous digital currency and typically do not have the security measures that say more mature, regulated financial institutions have."
Doge Vault apparently is attempting to salvage existing wallet data from an off-site backup.
Doge Vault officials posted a new message on their still-defunct site stating that 160 million dogecoins (worth $73,046 as of 5/15) are gone.
“After salvaging our wallet we have ascertained that around 280 million Dogecoins were taken in the attack, out of a total balance of 400 million kept in our hot wallet,” officials said. “120 million Dogecoins have been since recovered and transferred to an address under our control.”
The attacker likely gained access to the node where Doge Vault’s virtual machines were stored, “providing them with full access to our systems,” officials added. User account information also probably has been exposed. Officials claim customer passwords were stored “using a strong one-way hashing algorithm.”
Other credentials weren’t as secure. “All private keys for addresses are presumed compromised, please do not transfer any funds to Doge Vault addresses,” officials said.
ThreatWatch is a regularly updated catalog of data breaches successfully striking every sector of the globe, as reported by journalists, researchers and the victims themselves.