Yet another Bitcoin business is hacked; BitInstant loses $12k in social engineering scam

You may have heard the news by now, but popular Bitcoin payment provider BitInstant was hacked last week. It wasn’t a massive hack like the ones we’ve seen at MyBitcoin or Mt. Gox, so when I first saw the story, 3 days before Wired’s article, I didn’t see much reason to write about it. Looking at it more closely, though, there are a few points worth drawing out.

First, the hack was a regular social engineering hack. Really simple stuff.

Over the weekend the BitInstant team has been hard at work securing our system from a sophisticated attack on Thursday evening. Overall, due to major choke points and redundancies in our system, the hacker was only able to walk away with $12,480 USD in BTC, and send them in 3 installments of 333 BTC to bitcoin addresses.

The attacker contacted our domain registrar at Site5 posing as me and using a very similar email address to mine. They did so by proxying through a network owned by a haulage company in the UK who I suspect are innocent victims the same as ourselves. Armed with knowledge of my place of birth and mother’s maiden name alone (both facts easy to locate on the public record) they convinced Site5 staff to add their email address to the account and make it the primary login (this prevented us from deleting it from the account). We immediately realized what was going on, and logged in to change the information back. After changing this info and locking the attacker out, overnight he was able to revert my changes and point our website somewhere else.

After gaining access, they redirected DNS by pointing the nameservers to hetzner.de in Germany. They used hetzner’s nameservers to redirect traffic to a hosting provider in Ukraine. By doing this, he locked out both my login and Gareth’s login, and they used this to hijack our emails and reset the login for one exchange (VirWox), enabling them to gain access and steal $12,480 USD worth of BTC.
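The chain BitInstant describes is registrar account takeover, then a wholesale swap of the domain’s nameservers, then mail and web traffic flowing through attacker-controlled hosts so that an exchange’s password-reset email lands in the attacker’s inbox. The one signal a domain owner can watch for independently of the registrar is the records themselves. The following is an added example (my own code, not BitInstant’s, Site5’s or Hetzner’s) that compares a known-good baseline of NS, MX and A records against what is currently observed and rates the drift. All hostnames and addresses below are constructed placeholders, not the real records from the incident; in production the `observed` dictionary would be filled from a resolver query run from outside your own network.

```python
"""Detect registrar/DNS hijacks by diffing a domain's NS, MX and A records
against a known-good baseline.

Constructed example: every hostname and IP below is a placeholder, not the
real BitInstant, Site5 or Hetzner record.
"""
from dataclasses import dataclass

# Record types worth watching, and why a change to each one matters.
WATCHED = {
    "NS": "nameservers moved: whoever runs them now answers every query for the zone",
    "MX": "mail rerouted: password-reset emails can be read by the new mail host",
    "A": "web traffic redirected: a look-alike site can be served under the real domain",
}


@dataclass(frozen=True)
class Finding:
    rtype: str
    added: frozenset
    removed: frozenset
    severity: str
    reason: str


def _normalise(values):
    # DNS names are case-insensitive and may or may not carry a trailing dot.
    return frozenset(v.strip().lower().rstrip(".") for v in values)


def diff_records(baseline: dict, observed: dict) -> list:
    """Return one Finding per watched record type whose value set changed."""
    findings = []
    for rtype, reason in WATCHED.items():
        base = _normalise(baseline.get(rtype, ()))
        seen = _normalise(observed.get(rtype, ()))
        if base == seen:
            continue
        # A set with nothing in common with the baseline is what a
        # registrar-level takeover looks like; overlap suggests routine ops
        # (a nameserver added, an IP rotated) and only rates a warning.
        severity = "critical" if not (base & seen) else "warning"
        findings.append(Finding(rtype, seen - base, base - seen, severity, reason))
    return findings


def should_page(findings) -> bool:
    """Page a human when the nameserver set was replaced wholesale. From that
    point on, any password-reset or login email for the domain must be
    assumed to have been delivered to the attacker, not to you."""
    return any(f.rtype == "NS" and f.severity == "critical" for f in findings)


# Constructed sample data: the baseline you recorded while you still owned the
# account, a hijacked snapshot, and a routine change for comparison.
BASELINE = {
    "NS": ["ns1.registrar-a.invalid.", "ns2.registrar-a.invalid."],
    "MX": ["10 mail.victim-domain.invalid."],
    "A": ["192.0.2.10"],
}
OBSERVED_HIJACKED = {
    "NS": ["ns1.hoster-b.invalid", "ns2.hoster-b.invalid"],
    "MX": ["10 mx.hoster-c.invalid"],
    "A": ["198.51.100.77"],
}
OBSERVED_ROUTINE = {
    "NS": BASELINE["NS"] + ["ns3.registrar-a.invalid."],
    "MX": BASELINE["MX"],
    "A": BASELINE["A"],
}


def report(baseline: dict, observed: dict) -> str:
    lines = []
    findings = diff_records(baseline, observed)
    for f in findings:
        lines.append(f"[{f.severity.upper()}] {f.rtype}: {f.reason}")
        lines.append(f"    removed={sorted(f.removed)} added={sorted(f.added)}")
    lines.append("PAGE ON-CALL" if should_page(findings) else "no registrar takeover signal")
    return "\n".join(lines)


if __name__ == "__main__":
    print("--- hijacked snapshot ---")
    print(report(BASELINE, OBSERVED_HIJACKED))
    print("--- routine change ---")
    print(report(BASELINE, OBSERVED_ROUTINE))
```

The design choice worth noting is the severity rule: partial overlap with the baseline is treated as ordinary change, while a nameserver set with no member in common is the registrar-takeover pattern BitInstant describes and is what should wake someone up. Run the check from a vantage point outside your own infrastructure, because once the zone is hijacked your internal resolvers may be the last to notice.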

BitInstant is shifting the blame totally onto the host. Never mind the fact that the attackers used real, publicly accessible information from one of the owners’ wide-open Facebook pages; this is totally the host’s fault.

Site5 has since responded to the hack.

Security & Social Engineering

This day and age requires us all to be security-conscious