Hackers Target Bitcoin

Posted on Updated on

On Sunday, users of the popular Bitcoin discussion forum Bitcoin Talk (bitcointalk.org) noticed that the website was being served via CloudFlare. It turns out that the change is the work of cybercriminals.

According to Bitcoin Talk administrator Theymos, this appears to be a man-in-the-middle attack that leveraged a vulnerability in the systems of AnonymousSpeech.com

“8-14 hours ago, an attacker used a flaw in the forum’s AnonymousSpeech to change the forum’s DNS to point to 108.162.197.161 (exact details unknown). Sirius noticed this 8 hours ago and immediately transferred bitcointalk.org to a different registrar,” Theymos stated a few hours ago.

However, he warns that it might take around 24 hours until the changes propagate.

It’s believed the attacker could have intercepted encrypted communications, including passwords, authentication cookies and private messages. However, only information submitted while the DNS was changed could have been compromised.

All security codes have been invalidated, but while this is sorted out, users are advised to add “109.201.133.195 bitcointalk.org” to their hosts file to make sure they’re communicating with the right server.

Interestingly, the man-in-the-middle attack coincided with a massive distributed denial-of-service (DDOS) attack launched against the website.

“These two events are probably related, though I’m not yet sure why an attacker would do both of these things at once,” Theymos said.

The incident is still being investigated.

It’s worth noting that several Bitcoin-related services have been targeted by hackers over the past period, especially since the value of the digital currency skyrocketed.

Post by:

Instituto Internacional de Seguridad Cibernética
International Institute of Cyber Security
www.iicybersecurity.com

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s