BitInstant Hacked

Share it on Twitter  
Share it on Facebook  
Share it on Linked in  

In a recent blog post, Charlie Shrem, CEO of bitcoin exchange BitInstant, announced that the company had been hit by a "sophisticated attack" that resulted in the theft of $12,480 in bitcoins.

The hacker used social engineering to get in, contacting domain registrar Site5 posing as Shrem and using his place of birth and mother's maiden name (both in the public record) to gain access to the company's account.

"After gaining access, they redirected DNS by pointing the nameservers to hetzner.de in germany, they used hetzner's nameservers to redirect traffic to a hosting provider in ukraine," Shrem wrote. "By doing this, he locked out both my login and Gareths's login and they used this to hijack our emails and reset the login for one exchange (VirWox), enabling them to gain access and steal $12,480 USD worth of BTC."

"In addition to stealing the Bitcoins, the attackers have also managed to access internal company emails, but no sensitive information has been accessed because of the mandatory use of PGP encryption by members," writes Softpedia's Eduard Kovacs. "'Site5 is denying any damages, but we suspect this was partly their fault,' BitInstant representatives explained. The company says it will move to a more secure registrar."