Popular Bitcoin forum targeted in DNS and DDoS attack

Share this article:

Roughly 175,000 members registered on bitcointalk.org are being discouraged from logging into their accounts following attacks against the popular Bitcoin forum, according to an advisory on the top of the main page.

“If you used your password to login between 06:00 Dec 1 UTC and 20:00 Dec 2 UTC, then your password may have been captured in a man-in-the-middle attack, and you should change your password here and wherever else you used it,” according to the advisory.

On Monday, a bitcointalk.org administrator named ‘theymos' wrote that what likely happened is an attacker took advantage of a vulnerability in the forum's registrar, Anonymous Speech, to redirect the domain name system (DNS) to a different point.

Bitcointalk.org was promptly transferred to a different registrar as a result, theymos explained, but the administrator added that those types of changes take time and that users should avoid logging into the website for about 20 hours.

“Because the HTTPS protocol is pretty terrible [on the forum], this alone could have allowed the attacker to intercept and modify encrypted forum transmissions, allowing them to see passwords sent during login, authentication cookies, PMs, etc.,” theymos wrote. “Your password only could have been intercepted if you actually entered it while the forum was affected.”

The administrator added, “I invalidated all security codes, so you're not at risk of having your account stolen if you logged in using the “remember me” feature without actually entering your password.”

Meanwhile, the Bitcoin forum is concurrently the target of a massive distributed denial-of-service (DDoS) attack, theymos wrote, adding that while the two events are probably linked, it is unclear why the attacker is doing both at once.

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

More in News

CryptoWall surpasses CryptoLocker in infection rates

CryptoWall surpasses CryptoLocker in infection rates

A threat analysis from Dell SecureWorks CTU says that CryptoWall has picked up where its famous sibling left off.

Professor says Google search, not hacking, yielded medical info

Professor says Google search, not hacking, yielded medical ...

A professor of ethical hacking at City College San Francisco came forward to clarify that he did not demonstrate hacking a medical center's server in a class.

Syrian Malware Team makes use of enhanced BlackWorm RAT

Syrian Malware Team makes use of enhanced BlackWorm ...

FireEye analyzed the hacking group's use of the malware, dubbed the "Dark Edition" of BlackWorm.