Hackers Break Into Bitcoin Exchange Site Bitcoinica

Outsmart Malicious Hackers


Bitcoin hasn’t been having a great time lately, there have been a few high profile, large dollar amount hacks of Bitcoin Exchange sites (basically the Bitcoin banks).

The latest involved $90,000USD and a high likelihood that the user database was compromised too. It seems like Bitcoin, despite all the hype, might die a slow death due to all these compromises which are destroying users trust and the overall credibility of the service.

It was touted to be a whole new global economy which is resistant to inflation, inflated GDP and totally decentralized. Obviously security wasn’t high on the list.

Bitcoin exchange site Bitcoinica suspended its operations on Friday after hackers managed to steal 18,547 bitcoins — valued at about US$90,000 — from its online wallet.

The user database probably was compromised as well, Bitcoinica’s administrators said in an announcement posted on the site’s home page. The information stored in the database included usernames, email addresses and account histories.

Account passwords were encrypted in a way that makes it extremely unlikely for them to be cracked, the Bitcoinica team said. However, to be on the safe side, the team advised users to change their passwords on other websites where they might have used them.

The compromised user information can be used to launch phishing attacks, as has happened in the past after many data breaches that exposed user email addresses.

Users should be suspicious of any messages received on their email addresses registered with Bitcoinica, the site’s administrators said. “It is always a best practice to never click an email link to login to any online service.”

Bitcoin is a cash-like digital currency that can be exchanged directly by users without the need for a central payment service. It uses the peer-to-peer model for synchronizing transaction records between users.

Bitcoinica noted that the stolen bitcoins belonged to the exchange, not the users, and said it will honor any withdrawal request. However, it’s not clear when or if the website will resume operations.

I’m not sure if the users from Bitcoinica will see any phishing mails, I’d imagine whoever the infiltrators were, they were purely after the Bitcoins and the money they could make from selling them.

User accounts are only really valuable if they have working credit card details – which these accounts don’t seem to have. The previous exchange that got attacked closed down shortly afterwards, it was at the time the largest – Inside the Mega-Hack of Bitcoin: the Full Story.


“It’s more serious than we thought,” said Bitcoinica founder Zhou Tong, in a post on the Bitcointalk forum on Saturday. “Likely we will either shut down the platform or re-develop entirely (which will take months instead of days).”

The company needs more time to come up with a plan to compensate users for the downtime and other issues resulting from this security incident, Zhou said.

In a separate post on Sunday, Zhou revealed that he sold Bitcoinica to an undisclosed investor back in November 2011 and stayed with the company as an employee in charge of daily operations until a new team took over two weeks ago. He also announced that he plans to retire from all bitcoin-related projects after this incident is resolved.

Security breaches at bitcoin exchanges don’t only affect the users of those exchanges, but the entire bitcoin community, because they negatively affect the value of the virtual currency. In June 2011, bitcoin prices plummeted after news broke that the largest bitcoin exchange, Mt.Gox, was compromised.

This is not the first time that Bitcoinica has lost a large number of bitcoins to hackers. Back in March, attackers managed to steal 43,000 bitcoins from the exchange after they compromised the servers of Web hosting provider Linode.

“It seems Bitcoin has the same problem(s) that other web applications possess: vulnerabilities, such as SQL injections, that make it susceptible to data theft,” Rob Rachwald, director of security strategy at security firm Imperva, said via email. “In the early days of legitimate online banking, when one breach hit a bank, the whole industry’s brand took a hit. Ironically, the same dynamic could play out in black market banking.”

I would imagine the site will close down and I hope they rebuild their platform from scratch – without secure programming principles in mind. The large attack on Mt.Gox effected value of Bitcoins across the whole network and required the founders to pump back in real cash from their own pockets to stabilize the eco-system.

It makes me wonder why people are interested in Bitcoins and Bitcoin trading in the first place, I guess the currency is only as secure as the Exchanges and the platforms they are running on.

Source: Network World

Posted in: Exploits/Vulnerabilities, Web Hacking

,


Latest Posts:


OWASP ZSC - Obfuscated Code Generator Tool OWASP ZSC – Obfuscated Code Generator Tool
OWASP ZSC is an open source obfuscated code generator tool in Python which lets you generate customized shellcodes and convert scripts to an obfuscated script.
A Look Back At 2017 – Tools & News Highlights A Look Back At 2017 – Tools & News Highlights
So here we are in 2018, taking a look back at 2017, quite a year it was. Here is a quick rundown of some of the best hacking/security tools released in 2017, the biggest news stories and the 10 most viewed posts on Darknet as a bonus.
Spectre & Meltdown Checker - Vulnerability Mitigation Tool For Linux Spectre & Meltdown Checker – Vulnerability Mitigation Tool For Linux
Spectre & Meltdown Checker is a simple shell script to tell if your Linux installation is vulnerable against the 3 "speculative execution" CVEs that were made public early 2018.
Hijacker - Reaver For Android Wifi Hacker App Hijacker – Reaver For Android Wifi Hacker App
Hijacker is a native GUI which provides Reaver for Android along with Aircrack-ng, Airodump-ng and MDK3 making it a powerful Wifi hacker app.
Sublist3r - Fast Python Subdomain Enumeration Tool Sublist3r – Fast Python Subdomain Enumeration Tool
Sublist3r is a Python-based tool designed to enumerate subdomains of websites using OSINT. It helps penetration testers and bug hunters collect and gather subdomains for the domain they are targeting.
coWPAtty Download - Audit Pre-shared WPA Keys coWPAtty Download – Audit Pre-shared WPA Keys
coWPAtty is a C-based tool for running a brute-force dictionary attack against WPA-PSK and audit pre-shared WPA keys.


3 Responses to Hackers Break Into Bitcoin Exchange Site Bitcoinica

  1. John M May 19, 2012 at 2:08 pm #

    Risk is lurking everywhere and it can strike at anytime. How careful could one be to use the cyberspace in confidence.

  2. droope May 25, 2012 at 2:56 am #

    this, for programmers is a dream: to hack into a computer and take money away!

    If you have bitcoin wallets, you need to take measures to protect them. The thing is, most people don’t really know about security. I see projects such as owasp being vital for the information of developers.

    Cheers,
    Pedor

  3. Guest June 8, 2012 at 3:56 am #

    I think the dollar might die a slow death because of all of the bank robberies.