Bitomat.pl, the leading Polish Bitcoin exchange, as well as the third largest Bitcoin exchange internationally, reported several days ago a total loss of their Bitcoin wallet due to an extremely risky server configuration using Amazon's Elastic Compute Cloud service. Bitomat had chosen to use the EC2 default state configuration, which resets itself to "factory default" after each reboot. After changes to increase the available RAM to the virtual machine, the EC2 instance was rebooted and promptly wiped. No off-site backups were taken, so in effect 17,000 BTC (~$170,000 USD value) have been "deminted" and will forever be unavailable to the network. Bitomat's owner has put the exchange service up for sale in an attempt to recoup the lost funds and repay wallet owners, you can find a copy of his official statement below:
I wish to hereby inform all bitomat users of the system failure that occurred on 26 July 2011 and of its consequences.
Let me begin with an apology for such a long delay in releasing this statement. I postponed it only for the benefit of the investigation of the causes and people responsible for the failure. Unfortunately, to date, despite intensive efforts, I haven't been able to establish the foregoing.
I also think that any longer delay wouldn't be justified and I owe you an explanation.
On 26 July 2011 at about 11:00PM, I noticed that bitcoin server was out of resources and I had to increase RAM. As a result of this operation, the virtual machine was deleted and all data lost, including bitcoin wallet and its backups.
I have established that data was lost because settings of the virtual mashine were changed, although I didn't change them myself. Amazon Web Services Company, which hosts our servers, says that the cleared machine has been set up to be irretrievably destroyed (including the data on the disks) at the shutdown.
I'm still trying to establish who has changed the settings and whether I will be able to recover the lost data. Unfortunately cooperation with Amazon Web Services is very difficult. As soon as I realized that my virtual machine was lost I have ordered AWS premium support, talked to the manager and asked for securing of the disk data. So far, without success.
Up to now I haven't been able to clearly determine the causes of the failure. I presume that's the result of third party actions, which wanted to hide their illegal activities or intentionally wanted the service to crash. If that's so, I will report the case to the authorities.
I'm still trying to recover the lost data, but it requires support from the server's owner (and that, as I mentioned earlier, is difficult).
At this point I wish to inform and assure you that your money deposited with wire transfer and not converted to BTC and unpaid money from the sale of BTC remain safe and intact. At the same time I am counting on your help in solving this problem. I realize that the situation is very difficult, and that you are concerned about your BTC funds. We are constantly working on a solution to this crisis, and I'm open to your suggestions.
Today I intend to:
* Cancel all active orders
* Restore the site and in particular enable PLN withdrawal
Your suggestions and ideas are welcome.
I would like to inform you that I had several conversations with potential investors from home and abroad. Www.bitomat.pl service is on sale for 17,000 BTC. If you are interested, please contact us at firstname.lastname@example.org.
Administrator of www.bitomat.pl