A Bitcoin transaction services company says that hackers broke into one of its brokerage accounts last week, nabbing more than $12,000 worth of the digital currency.
That attack knocked Bitinstant offline over the weekend. The company says that while it lost Bitcoins, no customers were affected by the hack.
The criminals were able to take control of Bitinstant's internet domains by convincing its domain registrar, Site5, to hand over control of the company's Domain Name System, or DNS, records. "Armed with knowledge of my place of birth and mother's maiden name alone (both facts easy to locate on the public record) they convinced Site5 staff to add their email address to the account and make it the primary login," the company said Monday in a blog post detailing the incident.
With control of the DNS, the bad guys also had control over Bitinstant's email. They then did an online password reset at a Bitcoin exchange called VirWox and started emptying Bitinstant's account. The total haul: $12,480.
The attack worked on the VirWox exchange because Bitinstant's account didn't have two-factor authentication. In other words, the criminals were able to empty out money with just a user name and password. "No other exchanges were affected," Bitinstant wrote, saying that the other exchanges it uses were protected by such security precautions as multi-factor authentication, Yubikeys, and auto lockdowns.
Reached Thursday, a VirWox representative said that the exchange has had multi-factor authentication since September 2012. "Bitinstant was not using it (they learned and do now)," the representative said in an email message.
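The chain described above (registrar account, then DNS, then email, then a password reset on the one account without a second factor) can be turned into a defensive check. The following is an added example, not code from Bitinstant, Site5, VirWox or the original article; the domain, service names and record values are constructed placeholders, and the observed snapshot is assumed to come from whatever DNS monitoring a team already runs.

```python
# Added example: constructed data, hypothetical names throughout.
from dataclasses import dataclass

MAIL_ROUTING_TYPES = {"NS", "MX"}  # records that decide who receives the domain's mail

@dataclass(frozen=True)
class Account:
    service: str       # where the account lives (hypothetical names)
    reset_email: str   # address that receives password-reset links
    mfa_enabled: bool  # second factor required in addition to the password

def dns_drift(baseline, observed):
    """Return {rtype: (removed, added)} for every record type whose value set changed."""
    drift = {}
    for rtype in sorted(set(baseline) | set(observed)):
        # Normalise case and the trailing root dot so cosmetic differences are ignored.
        old = {v.lower().rstrip(".") for v in baseline.get(rtype, ())}
        new = {v.lower().rstrip(".") for v in observed.get(rtype, ())}
        if old != new:
            drift[rtype] = (sorted(old - new), sorted(new - old))
    return drift

def exposed_accounts(domain, drift, accounts):
    """Accounts that control of the domain's mail alone would be enough to reset."""
    if not MAIL_ROUTING_TYPES & set(drift):
        return []  # mail routing unchanged: reset emails still reach the owner
    suffix = "@" + domain.lower()
    return [a.service for a in accounts
            if a.reset_email.lower().endswith(suffix) and not a.mfa_enabled]

# Constructed sample data (example.com and the service names are placeholders).
BASELINE = {"NS": ["ns1.registrar.example.", "ns2.registrar.example."],
            "MX": ["10 mail.example.com."]}
OBSERVED = {"NS": ["ns1.registrar.example.", "ns2.registrar.example."],
            "MX": ["10 mx.unknown-host.example."]}
ACCOUNTS = [Account("exchange-a", "ops@example.com", True),
            Account("exchange-b", "ops@example.com", False),
            Account("exchange-c", "treasury@other.example", False)]

if __name__ == "__main__":
    drift = dns_drift(BASELINE, OBSERVED)
    for rtype, (removed, added) in drift.items():
        print(f"{rtype} changed: -{removed} +{added}")
    print("lock down first:", exposed_accounts("example.com", drift, ACCOUNTS))
```

Run against a real inventory, the second function answers the question the incident raised after the fact: which accounts fall if the domain's mail is redirected.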
This isn't the biggest Bitcoin heist. Last year, the Bitcoinica exchange was hacked twice, to the tune of more than 60,000 bitcoins. (A Bitcoin is worth more than $40 today; the Bitcoinica thefts were worth several hundred thousand dollars at the time.) That exchange eventually went out of business.
Bitcoins have been getting a lot of attention lately. The Internet Archive is paying its staff members in Bitcoins. You can use them to shop at Amazon or even buy a pizza. But that has made them a more attractive target to hackers, who have taken to writing malicious software that steals Bitcoins out of digital wallets stored on people's desktop computers.
Gavin Andresen, chief scientist with the Bitcoin Foundation, says he had a digital wallet swiped last year. It had been stored on an internet service provider's computer. But the thieves got away with only about $15. That's because Andresen stores most of his Bitcoins on an encrypted laptop that's not connected to the internet.
"Right now, we're in the Wild West days of Bitcoins," he says. "And some of the smaller exchanges and smaller services just don't have their security up to snuff yet."
Site5 and Bitinstant couldn't immediately be reached for comment.
# of coins currently in existence are 1/3 of what there will be. Shows positive trend, but volatile. Don't get caught up in fucking day trading coins. Make the right moves and you'll have your own little piece of the market of the future where people are smacking themselves saying "Fcuk! I wished I woulda bought when BitCoin was back at 90 bucks!!".... The U.S. is going broke, and when the USD dies Americans will adopt bitcoin in desperation. Bitcoin will win. Period.
I don't think this man has a full understanding of BitCoin. Having said that, bitcoin is the biggest thing to happen since sliced bread. Any idiot, DUMB ENOUGH, to not join BitCoin now is either too broke, a fool, or already financially comfortable. Untaxable, deflationary, Decentralized, Anonymous? Uhhhhh.. yeah bet your ass I'm in.
The crown represents money (coins) and the anchor a safe harbor. In '94 I recreated and altered the insignia of the "Ensign" from the Dutch Navy to become the icon of Invest Offshore. Thanks for asking.
Useless when the power is out. Just FYI. I can still barter with gold and silver without power. My flash drive is useless without power, and fewer people recognize bitcoin vs the gold and silver in my hand.