Bitcoin Forum

Economy => Service Discussion => Topic started by: areebmajeed on March 10, 2013, 04:21:46 AM



Title: BitInstant loses $12,000 in digital heist
Post by: areebmajeed on March 10, 2013, 04:21:46 AM
A Bitcoin broker fell victim to a major digital heist over the weekend after hackers snuck their way into its accounts and made off with $12,000 worth of the digital currency.

The attack briefly shut down Bitcoin brokerage firm BitInstant over the weekend, as hackers took over its DNS servers and email accounts.

BitInstant, which acts as a middleman between Bitcoin exchanges and people looking to invest in the currency, said the attack did not compromise any customer accounts. Instead, hackers stole directly from the company's own accounts—a bit of silver lining for a brokerage that at one point last year was exchanging $2.5 million of Bitcoins every month. An attack on its customers could have been disastrous.

Here's how it went down: A hacker, which BitInstant believes is based in Russia, used publicly available info to weasel their way into the company's domain name server (DNS) and kick out the legitimate owners. That gave them control over BitInstant email accounts. The next step was easy. The hacker went to online Bitcoin exchange VirWox and asked to reset their passwords. Once they received the password reset email, they had full access to the BitInstant account on VirWox.

BitInstant wasn't surprised by the attack. A company rep wrote in a blog post:

"We've long been targeted by someone using social engineering tactics to attempt to compromise our various accounts at exchanges, with our hosting provider Amazon AWS and even on my personal accounts, mostly without success. At no time have we ever had a single system or account compromised through technical means, or indeed at all before yesterday."

This isn't the largest heist in Bitcoin history. That dubious honor goes to Bitcoinica, a now-defunct digital exchange. In 2012, hackers made off with 60,000 bitcoins, worth hundreds of thousands of dollars at the time—a theft of such magnitude that it contributed to Bitcoinica shutting down entirely a few months later.

Bitcoin has been seeing a popularity explosion in recent months. It's easy to see this latest hack as a sign that Bitcoin is a risky currency to own. But it's also a sign of Bitcoin's growing legitimacy. Thieves don't usually waste their time on Monopoly money.


Title: Re: BitInstant loses $12,000 in digital heist
Post by: dscotese on March 10, 2013, 05:02:24 AM
Also from the blog (http://blog.bitinstant.com/blog/2013/3/4/events-of-friday-bitinstant-back-online.html):
Quote
The attacker contacted our domain registrar at Site5 posing as me and using a very similar email address as mine, they did so by proxying through a network owned by a haulage company in the UK whom I suspect are innocent victims the same as ourselves. Armed with knowledge of my place of birth and mother's maiden name alone (both facts easy to locate on the public record) they convinced Site5 staff to add their email address to the account and make it the primary login (this prevented us from deleting it from the account).

Are there hosting companies that provide something like two-factor auth or a waiting period before changing the primary email address? That seems like an easy and smart solution to this kind of attack. One of my clients uses Site5 and when I sent them the instruction "Please contact the owner of account x for the contact information for their new webmaster", they said they wouldn't. I think these things should be tested before hosting something sensitive.


Title: Re: BitInstant loses $12,000 in digital heist
Post by: John (John K.) on March 10, 2013, 05:08:04 AM
Well, it's a vast improvement from the good old days where only 10k+ Bitcoins were considered a 'heist'.


Title: Re: BitInstant loses $12,000 in digital heist
Post by: bg002h on March 10, 2013, 07:15:46 AM

http://www.dailydot.com/news/bitcoin-bitinstant-12000-stolen-heist-hack/


Title: Re: BitInstant loses $12,000 in digital heist
Post by: MPOE-PR on March 10, 2013, 01:26:38 PM
Quote
Well, it's a vast improvement from the good old days where only 10k+ Bitcoins were considered a 'heist'.

Yeah. Price went up.


Title: Re: BitInstant loses $12,000 in digital heist
Post by: MoneypakTrader.com on March 10, 2013, 11:22:33 PM
Quote
Well, it's a vast improvement from the good old days where only 10k+ Bitcoins were considered a 'heist'.

ditto, what is the amount of BTC from this "heist"?


Title: Re: BitInstant loses $12,000 in digital heist
Post by: 21after2 on March 10, 2013, 11:56:33 PM
Quote
Well, it's a vast improvement from the good old days where only 10k+ Bitcoins were considered a 'heist'.
ditto, what is the amount of BTC from this "heist"?

$12,000 worth of BTC... probably around 250 or so?


Title: Re: BitInstant loses $12,000 in digital heist
Post by: dscotese on March 11, 2013, 01:39:10 AM

From BitInstant's Blog (http://blog.bitinstant.com/blog/2013/3/4/events-of-friday-bitinstant-back-online.html):
Quote
Overall, due to major choke points and redundancies in our system, the hacker was only able to walk away with $12,480 USD in BTC, and send them in 3 installments of 333 BTC to bitcoin addresses.
 
15WeVhV1rSUVGqBWuzi4ogV3BGSwAw8fCX
12Sfsc4XVBfSkcz9CayqfZdhYuntbjtjXp
1Fimj1BzMBessvPw2RKeqvgPg7VLgJCQi