Bitcoin community site penetrated by mischief-makers
Financial Services // Web Services
An Internet forum for fans of the virtual currency, Bitcointalk.org, greeted visitors with the message: “Hello friend, Bitcoin has been seized by the FBI for being illegal. Thanks, bye," according to an online video of the hack.
The intrusion occurred right after the FBI seized $3.6 million worth of Bitcoin as part of a shutdown and arrest of the alleged operator of the Silk Road, an online market of mostly illicit goods.
“Ross William Ulbricht, allegedly the mastermind of Silk Road, was himself a Bitcoin Talk user and, in one of his posts, he sought out an IT pro in the Bitcoin community. This, according to federal prosecutors, is evidence that he is also the same individual who used the moniker "Dread Pirate Roberts" and so, by definition, is the operator of Silk Road,” Sophos reports.
A Bitcointalk.org administrator, who goes by "Theymos," wrote on Reddit that user passwords probably were not compromised and that JavaScript code injected into the site appeared to be harmless.
Theymos said a 50 Bitcoin reward, worth about $6,500, is being offered to anyone who can figure out how the site was breached.
The video depiction of the hack also presented classical music and animated explosions. It was posted by a Reddit user, who said the offenders call themselves "The Hole Seekers."
Theymos added that “whoever was behind the attack had injected some code into $modSettings['news'], which is the news found at the top of the forum pages. News updates, he said, are normally logged but these actions weren't which leads him to believe that the hacker did not compromise an admin account or otherwise make a 'legitimate' change,” according to Sophos.
The hackers were able to upload a PHP script and other files to the avatar directory. Theymos admitted that his lack of knowledge prevented him from discovering more details of the attack. Bitcointalk.org uses software made by the nonprofit organization Simple Machines.
ThreatWatch is a regularly updated catalog of data breaches successfully striking every sector of the globe, as reported by journalists, researchers and the victims themselves.