More details are available on last night’s hacking and identity theft attempt on Roger Ver, with the bitcoin icon and his security team revealing how they tracked the hacker and forced him into a humiliating backdown.
The story became more compelling when Ver posted a 37.6 BTC reward on his Facebook account to anyone who supplied information leading to the hacker’s capture.
He stressed that everything was now back under control and that no amount of bitcoin was stolen.
What was later described as a series of hack attempts by an individual or “a few kids” working together began around noon local time in Singapore, where bitcoiners were attending this week’s Coin Congress event.
A few of Ver’s friends contacted him to say someone appeared to be impersonating him on Facebook, and was soliciting bitcoin donations.
“A few hours later I noticed some notification emails regarding an old old hotmail.com account that I haven’t used for much of anything for years,” he said.
“Hotmail doesn’t seem to offer 2FA, so the hacker seems to have successfully accessed the Hotmail account by answering the security questions based on publicly available information.”
Ver had not been such a public figure at the time he’d set up the account.
Using Hotmail, the hacker/s retrieved sensitive personal information, ID document numbers and even login credentials to one of Ver’s domain accounts at register.com.
Someone using the Skype account ‘nitrous’ with screen name ‘Savaged’ contacted Ver at 5:24pm and confessed to being the person who’d hacked into his email.
Displaying hacker bravado, ‘Savaged’ posted Ver’s Social Security Number and some other information to prove his sincerity.
“All I want is some bitcoin and I will leave you alone,” Savaged wrote, promising to return the stolen accounts and not continue with attempts to infiltrate Ver’s online life any further.
Otherwise, he would “ruin” Ver’s life and cause hardship to his family back in the US.
“I think we both know this won’t be pleasent (sic) and let’s be honest there is nothing you can do to have me caught, I’ve been around too long.”
The hacker demanded 37.63289114 BTC for his troubles, equivalent to $20,000 at the exact time, saying such an amount was “nothing” to someone so wealthy.
Rallying the troops
Ver’s go-to guy in Singapore to deal with the crisis was J. Maurice, a fellow bitcoiner from Tokyo and ‘Chief Hacking Officer’ of company wiz technologies. Both Ver and Maurice happened to be staying at the Shangri-La Hotel, also the conference venue, and Maurice dashed across the building to start work immediately.
Together they began mitigating the damage by identifying accounts that hadn’t been touched and trying to lock them down more securely.
Using the information they’d gained from Hotmail, the hackers were trying to hijack Ver’s domain names and primary email account. They reset the password on an older, disused, Facebook account.
Maurice transferred the domains’ nameservers to his own network at wiz technologies but within minutes, the hackers simply changed them back again. He eventually had to transfer the domains completely away from the compromised account.
They also tried to track down details about the hacker/s, identifying a number of Twitter accounts that appeared to be controlled by the same person.
Just after 6:00pm Ver decided to employ the tactic used by Mel Gibson’s character in the movie ‘Ransom’: Rather than give the bitcoins to the hacker, he posted on Facebook and Twitter that he would use the same amount as a bounty on the hacker instead, and mentioned the Skype name ‘nitrous’.
37.6 BTC reward for information that leads to the arrest of the hacker that is trying to hack all my stuff at the moment. details to come!
– Roger Ver (@rogerkver) 23 May 2014
The promise was even re-tweeted by celebrity financial commentator Max Keiser to his 99,300+ followers.
Inspired, several of Ver’s thousands of Facebook friends and followers leapt into action, posting pieces of information they claimed were the hacker’s and offering teasers of further information once the bitcoins were paid.
There was a Skype exchange with someone named ‘TGOD’ who claimed to know the hacker personally and had a personal grudge against him, but seemed impatient to get his hands on the 37.6 bitcoin reward and was not prepared to offer up any information before it was paid in full or part.
Ver at no point advocated any violent or physical action against anyone suspected of connection to the hack.
Change of Heart
Around 6:30pm, about an hour after the incident began, the hacker’s tone started to change. Irritated by a lack of immediate response he first became abusive and threatened with “WOULD YOU LIKE TO GET OWNED LIKE X10000 HARDER THAN I PLAN TO?”
He then switched to pleading, saying he’d demanded the amount to pay for a $15,000 transplant procedure for his mother.
Ver then sent a link to his Facebook post with the offer of a 37.6 BTC bounty. Thereafter the hacker appears to panic, switching to frantic apologies and claiming to be representing a separate, ‘real’ attacker.
“Goodbye. Sir, I am sincerely sorry I am just a middleman I was being told what to. I was seriously being told what to tell you by someone else I don’t even know what’s going on.”
“Please stop I am so sorry I told him that you are now going to have me killed over something he made me do I didn’t even do this it was someone else.”
“Then you can earn 37 BTC by turning in the real hacker,” wrote Ver.
“Man that isnt even me this is so fucked up i got myself in this situation[…]You dont know the stuff he makes me do he did this to me before.”
The chat ends with the supposed hacker capitulating completely, saying he would probably turn himself in to the authorities voluntarily for fear he’d be harmed as a result of the incident.
The hacker/s then deleted Ver’s Hotmail account, set all passwords to his other accounts to a racial slur, notified Ver of the change and vanished.
He/they also tried to delete the threats made via Skype, but Maurice fetched the chat logs and posted the incriminating sections online.
Ver’s followers on Facebook identified people they suspected of being the culprit, though at this point it has not been verified that any of them are the hacker in question.
As for the 37.6 BTC bounty, Ver said:
“I will gladly pay it when the hacker is arrested, to whatever person provided the information that led to the arrest.”
“If more than one person helped, I will split the reward between them in whatever ratio I think is the fairest.”
Ver has posted full chat logs from the Skype conversations with the hacker and bounty hunter. He added Microsoft has still not responded to a support request he made regarding the Hotmail hack and account deletion, even though it was over 24 hours ago.
Securing your online properties
Maurice said it was important for everyone to be more security conscious with all the internet properties they controlled, not just bitcoin:
“The important takeaway here is that because of the fact register.com doesn’t support 2FA, the hackers almost gained access to Roger’s primary email, where they could have potentially compromised the majority of Roger’s accounts.”
“This also shows how important it is to protect your DNS infrastructure. If you haven’t already, I highly recommend moving your domains to a registrar that supports 2FA. I’m currently using name.com simply because they were the first to support 2FA, but I’m planning to move my domains to namecheap because they not only support 2FA but they also accept bitcoin.”