Popular Bitcoin forum targeted in DNS and DDoS attack


Roughly 175,000 members registered on bitcointalk.org are being discouraged from logging into their accounts following attacks against the popular Bitcoin forum, according to an advisory on the top of the main page.

“If you used your password to login between 06:00 Dec 1 UTC and 20:00 Dec 2 UTC, then your password may have been captured in a man-in-the-middle attack, and you should change your password here and wherever else you used it,” according to the advisory.

On Monday, a bitcointalk.org administrator named 'theymos' wrote that an attacker likely took advantage of a vulnerability in the forum's registrar, Anonymous Speech, to redirect the domain name system (DNS) to a different point.

Bitcointalk.org was promptly transferred to a different registrar as a result, theymos explained, but the administrator added that those types of changes take time and that users should avoid logging into the website for about 20 hours.

“Because the HTTPS protocol is pretty terrible [on the forum], this alone could have allowed the attacker to intercept and modify encrypted forum transmissions, allowing them to see passwords sent during login, authentication cookies, PMs, etc.,” theymos wrote. “Your password only could have been intercepted if you actually entered it while the forum was affected.”

The administrator added, “I invalidated all security codes, so you're not at risk of having your account stolen if you logged in using the ‘remember me’ feature without actually entering your password.”

The Bitcoin forum is concurrently the target of a massive distributed denial-of-service (DDoS) attack, theymos wrote, adding that while the two events are probably linked, it is unclear why the attacker is doing both at once.
