
Cyber Incident Victim: Cavirtex

Date: Feb 2015

Location: Canada

Summary

Cavirtex, a Canadian Bitcoin exchange, ceased operations following a security breach in which hackers accessed an older database containing hashed passwords and two-factor authentication secrets, though no identification documents or customer funds were compromised. The company cited reputational damage and potential loss of credential confidentiality as primary reasons for its shutdown, advising users to change passwords and clear browser cookies while stating that it remained solvent and would process withdrawals during the wind-down period. The incident underscores persistent targeting of cryptocurrency platforms by malicious actors.


Description

Cavirtex, a Canadian Bitcoin exchange operational for approximately three and a half years, announced its permanent shutdown on February 19, 2015, following confirmation of a security breach involving unauthorized access to an older database version. The compromise, detected on February 15, 2015, exposed hashed customer passwords and two-factor authentication (2FA) secrets, though the database did not contain identification documents. The company immediately disabled Bitcoin (BTC) and Litecoin (LTC) withdrawals as a precautionary measure while maintaining that customer funds remained secure due to 100% reserve solvency. Cavirtex emphasized no direct theft of customer assets occurred, but the reputational damage from the breach led management to conclude continued operations were unsustainable.

Effective immediately upon the announcement, the exchange halted new deposits and initiated a phased wind-down of services, with trading ceasing on March 20, 2015, and final withdrawal processing ending on March 25, 2015. Account holders with remaining balances after March 25 were promised direct communication from the company.


The breach response included direct instructions for customers to change their Cavirtex passwords immediately and clear browser cookies associated with the platform. Company leadership acknowledged persistent targeting by hackers over time, aligning with broader industry challenges exemplified by contemporaneous security incidents at MtGox, FlexCoin, and Poloniex. Cavirtex's closure represented a voluntary termination despite financial solvency, driven exclusively by eroded user trust stemming from the database compromise. The incident permanently eliminated a mid-tier Bitcoin exchange from the Canadian market, requiring customers to migrate funds within a 35-day window between breach disclosure and withdrawal termination. No technical specifics regarding attack vectors, threat actor attribution, or forensic investigation details were disclosed publicly beyond the confirmed exposure of credential-related data from legacy systems.
