On Sunday, users of the popular Bitcoin discussion forum Bitcoin Talk (bitcointalk.org) noticed that the website was being served via CloudFlare. It turns out that the change is the work of cybercriminals.
According to Bitcoin Talk administrator Theymos, this appears to be a man-in-the-middle attack that leveraged a vulnerability in the systems of AnonymousSpeech.com.
“8-14 hours ago, an attacker used a flaw in the forum’s AnonymousSpeech to change the forum’s DNS to point to 220.127.116.11 (exact details unknown). Sirius noticed this 8 hours ago and immediately transferred bitcointalk.org to a different registrar,” Theymos stated a few hours ago.
However, he warns that it might take around 24 hours until the changes propagate.
It’s believed the attacker could have intercepted encrypted communications, including passwords, authentication cookies and private messages. However, only information submitted while the DNS was changed could have been compromised.
All security codes have been invalidated, but while this is sorted out, users are advised to add “18.104.22.168 bitcointalk.org” to their hosts file to make sure they’re communicating with the right server.
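A hosts-file pin only helps if it is the entry the resolver actually uses. The following check is an added example, not code from Bitcoin Talk or the original article: it parses hosts-file text and reports whether a hostname is effectively pinned to the expected address. The function names and the sample file are constructed for illustration, and the code assumes the common resolver behaviour of using the first matching entry.

```python
import ipaddress

# Constructed sample hosts file. The pinned address is the one quoted in the
# article; every other entry is made up for the example.
SAMPLE_HOSTS = """\
127.0.0.1   localhost
# 18.104.22.168 bitcointalk.org   (commented out: has no effect)
18.104.22.168   bitcointalk.org www.bitcointalk.org  # temporary pin
192.0.2.10      bitcointalk.org
"""

def parse_hosts(text):
    """Yield (line_no, ip, [names]) for each active entry, skipping comments."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        try:
            ip = str(ipaddress.ip_address(fields[0]))
        except ValueError:
            continue  # malformed address: not a usable entry
        yield line_no, ip, [n.lower().rstrip(".") for n in fields[1:]]

def check_pin(text, hostname, expected_ip):
    """Return (status, detail). Assumption: the resolver uses the first
    matching entry, so a later correct line cannot fix an earlier wrong one."""
    hostname = hostname.lower().rstrip(".")
    expected = str(ipaddress.ip_address(expected_ip))
    matches = [(n, ip) for n, ip, names in parse_hosts(text) if hostname in names]
    if not matches:
        return "missing", "no active entry for " + hostname
    first_line, first_ip = matches[0]
    if first_ip != expected:
        return "wrong", f"line {first_line} pins {hostname} to {first_ip}"
    stray = [n for n, ip in matches[1:] if ip != expected]
    if stray:
        return "conflict", f"later entries disagree on lines {stray}"
    return "ok", f"line {first_line} pins {hostname} to {expected}"

if __name__ == "__main__":
    # The sample pins correctly on line 3 but has a stray entry on line 4.
    print(check_pin(SAMPLE_HOSTS, "bitcointalk.org", "18.104.22.168"))
```

To check a real machine, pass the contents of the system hosts file as `text`, and remove the pin once the corrected DNS records have propagated.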
Interestingly, the man-in-the-middle attack coincided with a massive distributed denial-of-service (DDoS) attack launched against the website.
“These two events are probably related, though I’m not yet sure why an attacker would do both of these things at once,” Theymos said.
The incident is still being investigated.
It’s worth noting that several Bitcoin-related services have been targeted by hackers recently, especially since the value of the digital currency skyrocketed.
Instituto Internacional de Seguridad Cibernética
International Institute of Cyber Security