Bitcoin is stateless, frictionless and more valuable than ever. But these things also mean that BTC is a security risk, from an IT perspective.
Case in point is the popular virtual currency forum Bitcoin Talk. The site was recently hacked, and the administrators have posted a note regarding the possibility of compromised passwords over a recent period of time:
“If you used your password to login between 06:00 Dec 1 UTC and 20:00 Dec 2 UTC, then your password may have been captured in a man-in-the-middle attack, and you should change your password here and wherever else you used it. If you were only logged in via the “remember me” feature, then you’re OK.”
A man-in-the-middle attack can be performed by spoofing a public key exchange, which puts a hacker or group of hackers in a position to gather data without the victims noticing. In this case, it appears that the intruders were attempting to steal usernames and their corresponding passwords.
Travis Skweres, the CEO of virtual currency exchange CoinMKT, says that security is a major issue for any bitcoin-related property. He indicated that attackers have tried to compromise his site, causing some delays in the exchange’s build-out. Skweres said:
“Unfortunately all of the attributes that make bitcoin great – over the web, no chargebacks, easy to send – also make it a huge target for hackers. Online security is more important than ever before in the world of digital money, and it’s not just businesses that will have to adjust, but users as well.”
Bitcoin Talk has previously been a victim of DDoS attacks – there have been numerous reports of downtime for the forum in the past. Also, back in October, the site was hacked by a group calling themselves “The Hole Seekers”. During the hack, the site displayed animations of bombs exploding and photos of classical music conductors, all set to the 1812 Overture, which is also the soundtrack to the explosion scene in V for Vendetta.
The forum itself does not actually exchange or transact in virtual currencies; rather it has simply been a facilitator of information and communication regarding virtual currencies. Yet it has been a resource for both good and bad.
Bitcoin Savings and Trust, for example, which was allegedly operated as a Ponzi scheme, garnered a number of “customers” from Bitcoin Talk under the username pirateat40. Its proprietor has been charged by the Securities and Exchange Commission (SEC) with defrauding investors.
The key for anyone who is interested in participating in the bitcoin economy is vigilance and due diligence, according to Skweres.
“We’re going to see more and more stories of millions being stolen until security and user habits catch up with the current state of the web,” he said.