Topic: BitInstant loses $12,000 in digital heist (Read 1262 times)

From BitInstant's Blog:

$12,000 worth of BTC... probably around 250 or so?

ditto, what is the amount of BTC from this "heist"?

Yeah. Price went up.

http://www.dailydot.com/news/bitcoin-bitinstant-12000-stolen-heist-hack/

Well, it's a vast improvement from the good old days where only 10k+ Bitcoins were considered a 'heist'.

Also from the blog:

Are there hosting companies that provide something like two-factor auth or a waiting period before changing the primary email address?  That seems a like an easy and smart solution to this kind of attack.  One of my clients uses site5 and when I sent them the instruction "Please contact the owner of account x for the contact information for their new webmaster", they said they wouldn't.  I think these things should be tested before hosting something sensitive.

A Bitcoin broker fell victim to a major digital heist over the weekend after hackers snuck their way into its accounts and made off with $12,000 worth of the digital currency.

 The attack briefly shut down Bitcoin brokerage firm BitInstant over the weekend, as hackers took over its DNS servers and email accounts.

BitInstant, which acts as a middleman between Bitcoin exchanges and people looking to invest in the currency, said the attack did not compromise any customer accounts. Instead, hackers stole directly from the company's own accounts—a bit of silver lining for a brokerage that at one point last year was exchanging $2.5 million of Bitcoins every month. An attack on its customers could have been disastrous.

 Here's how it went down: A hacker, which BitInstant believes is based in Russia, used publicly available info to weasel their way into the company's domain name server (DNS) and kick out the legitimate owners. That gave them control over BitInstant email accounts. The next step was easy. The hacker went to online BitCoin exchange VirWox and asked to reset their passwords. Once they received the password reset email, they had full access to the BitInstant account on VirWox.

 BitInstant wasn't surprised by the attack. A company rep wrote in a blog post:

 "We've long been targeted by someone using social engineering tactics to attempt to compromise our various accounts at exchanges, with our hosting provider Amazon AWS and even on my personal accounts, mostly without success. At no time have we ever had a single system or account compromised through technical means, or indeed at all before yesterday.”

 This isn't the largest heist in Bitcoin history. That dubious honor goes to Bitcoinica, a now-defunct digital exchange. In 2012, hackers made off with 60,000 bitcoins, worth hundreds of thousands of dollars at the time—a theft of such magnitude that it contributed to Bitcoinica shutting down entirely a few months later.

 Bitcoin has been seeing a popularity explosion in recent months. It's easy to see this latest hack as a sign that Bitcoin is a risky currency to own. But it's also a sign of Bitcoin's growing legitimacy. Thieves don't usually waste their time on Monopoly money.