Bitcoin Forum
Author Topic: BitInstant loses $12,000 in digital heist  (Read 1275 times)
areebmajeed (OP)
March 10, 2013, 04:21:46 AM
 #1

A Bitcoin broker fell victim to a major digital heist over the weekend after hackers snuck their way into its accounts and made off with $12,000 worth of the digital currency.

 The attack briefly shut down Bitcoin brokerage firm BitInstant over the weekend, as hackers took over its DNS servers and email accounts.

BitInstant, which acts as a middleman between Bitcoin exchanges and people looking to invest in the currency, said the attack did not compromise any customer accounts. Instead, hackers stole directly from the company's own accounts—a bit of silver lining for a brokerage that at one point last year was exchanging $2.5 million of Bitcoins every month. An attack on its customers could have been disastrous.

Here's how it went down: A hacker, who BitInstant believes is based in Russia, used publicly available info to weasel their way into the company's domain name server (DNS) and kick out the legitimate owners. That gave them control over BitInstant email accounts. The next step was easy. The hacker went to online Bitcoin exchange VirWox and asked to reset their passwords. Once they received the password reset email, they had full access to the BitInstant account on VirWox.

 BitInstant wasn't surprised by the attack. A company rep wrote in a blog post:

"We've long been targeted by someone using social engineering tactics to attempt to compromise our various accounts at exchanges, with our hosting provider Amazon AWS and even on my personal accounts, mostly without success. At no time have we ever had a single system or account compromised through technical means, or indeed at all before yesterday."

 This isn't the largest heist in Bitcoin history. That dubious honor goes to Bitcoinica, a now-defunct digital exchange. In 2012, hackers made off with 60,000 bitcoins, worth hundreds of thousands of dollars at the time—a theft of such magnitude that it contributed to Bitcoinica shutting down entirely a few months later.

 Bitcoin has been seeing a popularity explosion in recent months. It's easy to see this latest hack as a sign that Bitcoin is a risky currency to own. But it's also a sign of Bitcoin's growing legitimacy. Thieves don't usually waste their time on Monopoly money.
dscotese
March 10, 2013, 05:02:24 AM
 #2

Also from the blog:
Quote
The attacker contacted our domain registrar at Site5 posing as me and using a very similar email address as mine, they did so by proxying through a network owned by a haulage company in the UK whom I suspect are innocent victims the same as ourselves. Armed with knowledge of my place of birth and mother's maiden name alone (both facts easy to locate on the public record) they convinced Site5 staff to add their email address to the account and make it the primary login (this prevented us from deleting it from the account).

Are there hosting companies that provide something like two-factor auth or a waiting period before changing the primary email address? That seems like an easy and smart solution to this kind of attack. One of my clients uses Site5 and when I sent them the instruction "Please contact the owner of account x for the contact information for their new webmaster", they said they wouldn't. I think these things should be tested before hosting something sensitive.

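The control asked about in the post above (a second factor plus a waiting period before the primary email on an account changes), sketched as an added example that is not part of the thread and is not Site5's or any registrar's code. The 72-hour hold, the function names and the example.com/example.net addresses are assumptions.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Optional

HOLD = timedelta(hours=72)  # assumed waiting period; the thread names no figure

@dataclass
class Account:
    primary_email: str
    pending: Optional[dict] = None               # the one change request in flight
    outbox: list = field(default_factory=list)   # (recipient, message) notices

def request_primary_change(acct, new_email, second_factor_ok, now):
    """Queue a primary-email change; nothing takes effect yet."""
    # Birthplace and maiden name are public record, so knowledge answers never
    # count: only a verified second factor can open a request.
    if not second_factor_ok:
        acct.outbox.append((acct.primary_email, f"Rejected change to {new_email}"))
        return "rejected"
    acct.pending = {"new": new_email, "effective": now + HOLD}
    # Alert the current owner at the address the requester does not control.
    acct.outbox.append((acct.primary_email,
                        f"Change to {new_email} pending until {now + HOLD}"))
    return "pending"

def cancel_change(acct, requester_email):
    """Only the current primary address may cancel during the hold."""
    if acct.pending and requester_email == acct.primary_email:
        acct.pending = None
        return True
    return False

def apply_due_changes(acct, now):
    """Commit a pending change only once the hold has elapsed."""
    if acct.pending and now >= acct.pending["effective"]:
        old, acct.primary_email = acct.primary_email, acct.pending["new"]
        acct.pending = None
        acct.outbox.append((old, f"Primary email is now {acct.primary_email}"))
        return True
    return False

def demo():
    """Constructed scenario: a look-alike address tries to take over the account."""
    t0, acct = datetime(2013, 1, 1, 12, 0), Account("owner@example.com")
    r1 = request_primary_change(acct, "owner@example.net", False, t0)
    r2 = request_primary_change(acct, "owner@example.net", True, t0)
    early = apply_due_changes(acct, t0 + timedelta(hours=24))
    cancelled = cancel_change(acct, "owner@example.com")
    late = apply_due_changes(acct, t0 + timedelta(hours=96))
    return r1, r2, early, cancelled, late, acct.primary_email, len(acct.outbox)
```

Even when the second factor is passed, the existing primary address stays in control for the whole hold and is told about the request, so the legitimate owner can cancel before any password-reset mail is redirected.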
John (John K.)
March 10, 2013, 05:08:04 AM
 #3

Well, it's a vast improvement from the good old days where only 10k+ Bitcoins were considered a 'heist'.
bg002h
March 10, 2013, 07:15:46 AM
 #4


http://www.dailydot.com/news/bitcoin-bitinstant-12000-stolen-heist-hack/

MPOE-PR
March 10, 2013, 01:26:38 PM
 #5

Quote
Well, it's a vast improvement from the good old days where only 10k+ Bitcoins were considered a 'heist'.

Yeah. Price went up.

MoneypakTrader.com
March 10, 2013, 11:22:33 PM
 #6

Quote
Well, it's a vast improvement from the good old days where only 10k+ Bitcoins were considered a 'heist'.

ditto, what is the amount of BTC from this "heist"?

21after2
March 10, 2013, 11:56:33 PM
 #7

Quote
Well, it's a vast improvement from the good old days where only 10k+ Bitcoins were considered a 'heist'.
ditto, what is the amount of BTC from this "heist"?

$12,000 worth of BTC... probably around 250 or so?
dscotese
March 11, 2013, 01:39:10 AM
 #8


From BitInstant's Blog:
Quote
Overall, due to major choke points and redundancies in our system, the hacker was only able to walk away with $12,480 USD in BTC, and send them in 3 installments of 333 BTC to bitcoin addresses.
 
15WeVhV1rSUVGqBWuzi4ogV3BGSwAw8fCX
12Sfsc4XVBfSkcz9CayqfZdhYuntbjtjXp
1Fimj1BzMBessvPw2RKeqvgPg7VLgJCQi
