Author

Topic: BitInstant loses $12,000 in digital heist (Read 1277 times)

sr. member
Activity: 444
Merit: 250
I prefer evolution to revolution.
March 10, 2013, 08:39:10 PM
#8

From BitInstant's Blog:
Quote
Overall, due to major choke points and redundancies in our system, the hacker was only able to walk away with $12,480 USD in BTC, and send them in 3 installments of 333 BTC to bitcoin addresses.
 
15WeVhV1rSUVGqBWuzi4ogV3BGSwAw8fCX
12Sfsc4XVBfSkcz9CayqfZdhYuntbjtjXp
1Fimj1BzMBessvPw2RKeqvgPg7VLgJCQi
member
Activity: 112
Merit: 16
Well, it's a vast improvement from the good old days where only 10k+ Bitcoins were considered a 'heist'.
ditto, what is the amount of BTC from this "heist"?

$12,000 worth of BTC... probably around 250 or so?
sr. member
Activity: 472
Merit: 250
Never spend your money before you have it.
Well, it's a vast improvement from the good old days where only 10k+ Bitcoins were considered a 'heist'.
ditto, what is the amount of BTC from this "heist"?
hero member
Activity: 756
Merit: 522
Well, it's a vast improvement from the good old days where only 10k+ Bitcoins were considered a 'heist'.

Yeah. Price went up.
donator
Activity: 1466
Merit: 1048
I outlived my lifetime membership:)
legendary
Activity: 1288
Merit: 1227
Away on an extended break
Well, it's a vast improvement from the good old days where only 10k+ Bitcoins were considered a 'heist'.
sr. member
Activity: 444
Merit: 250
I prefer evolution to revolution.
Also from the blog:
Quote
The attacker contacted our domain registrar at Site5 posing as me and using a very similar email address as mine, they did so by proxying through a network owned by a haulage company in the UK whom I suspect are innocent victims the same as ourselves. Armed with knowledge of my place of birth and mother's maiden name alone (both facts easy to locate on the public record) they convinced Site5 staff to add their email address to the account and make it the primary login (this prevented us from deleting it from the account).

Are there hosting companies that provide something like two-factor auth or a waiting period before changing the primary email address?  That seems a like an easy and smart solution to this kind of attack.  One of my clients uses site5 and when I sent them the instruction "Please contact the owner of account x for the contact information for their new webmaster", they said they wouldn't.  I think these things should be tested before hosting something sensitive.
hero member
Activity: 686
Merit: 500
A Bitcoin broker fell victim to a major digital heist over the weekend after hackers snuck their way into its accounts and made off with $12,000 worth of the digital currency.

 The attack briefly shut down Bitcoin brokerage firm BitInstant over the weekend, as hackers took over its DNS servers and email accounts.

BitInstant, which acts as a middleman between Bitcoin exchanges and people looking to invest in the currency, said the attack did not compromise any customer accounts. Instead, hackers stole directly from the company's own accounts—a bit of silver lining for a brokerage that at one point last year was exchanging $2.5 million of Bitcoins every month. An attack on its customers could have been disastrous.

 Here's how it went down: A hacker, which BitInstant believes is based in Russia, used publicly available info to weasel their way into the company's domain name server (DNS) and kick out the legitimate owners. That gave them control over BitInstant email accounts. The next step was easy. The hacker went to online BitCoin exchange VirWox and asked to reset their passwords. Once they received the password reset email, they had full access to the BitInstant account on VirWox.

 BitInstant wasn't surprised by the attack. A company rep wrote in a blog post:

 "We've long been targeted by someone using social engineering tactics to attempt to compromise our various accounts at exchanges, with our hosting provider Amazon AWS and even on my personal accounts, mostly without success. At no time have we ever had a single system or account compromised through technical means, or indeed at all before yesterday.”

 This isn't the largest heist in Bitcoin history. That dubious honor goes to Bitcoinica, a now-defunct digital exchange. In 2012, hackers made off with 60,000 bitcoins, worth hundreds of thousands of dollars at the time—a theft of such magnitude that it contributed to Bitcoinica shutting down entirely a few months later.

 Bitcoin has been seeing a popularity explosion in recent months. It's easy to see this latest hack as a sign that Bitcoin is a risky currency to own. But it's also a sign of Bitcoin's growing legitimacy. Thieves don't usually waste their time on Monopoly money.
Jump to: