BitcoinTalk forum hacked by 'The Hole Seekers'

Popular digital currency forum BitcoinTalk has been hacked by a group calling themselves "The Hole Seekers".

AccessTimeIconOct 3, 2013 at 2:19 p.m. UTC
Updated Sep 10, 2021 at 11:36 a.m. UTC

Article updated on October 7 at 11:00

Popular digital currency forum BitcoinTalk has been hacked by a group calling themselves "The Hole Seekers".

The site is now down, but for a period, it displayed animations of bombs exploding and photos of classical music conductors, all set to the 1812 Overture, which is also the soundtrack to the explosion scene in V for Vendetta.

Toward the end of the animation, a banner was displayed, stating:

"Hello friend, Bitcoin has been seized by the FBI for being illegal. Thanks, bye"

Theymos, the administrator of BitcoinTalk, told that the attack was worse than he originally thought.

"There’s a good chance that the attacker(s) could have executed arbitrary PHP code and therefore could have accessed the database, but I’m not sure yet how difficult this would be. I’m sending out a mass mailing to all Forum users about this," he explained.

Theymos summarised that the forum will be down for a while and said he thinks that password hashes were not compromised, but he can't be sure at this time.


"Passwords are hashed using sha256crypt with 7500 rounds (very strong). The JavaScript that was injected into seems harmless," he added.

The administrator said the attacker injected some code into $modSettings['news'], which is the news at the top of the forum pages. Updating news is normally logged, but this action was not, so Theymous believes the update was done in "some roundabout way" and not by compromising an admin account.

"Probably, part of SMF related to news-updating or modSettings is flawed. Possibly, the attacker was somehow able to modify the modSettings cache in /tmp or the database directly," he added, concluding:

"Figuring out the specifics is probably beyond my skills, so 50 BTC to the first person who tells me how this was done. (You have to convince me that your flaw was the one actually used.) The forum won’t go back up until I know how this was done, so it could be down for a while."

Reddit forum members have been discussing the payloads involved in the hack – both the HTML source and the Javascript payload. Forum member 'super3' said he can't see anything that stands out as malicious, but 'itsmemax' claims the Javascript payload is a bluff.

Michael Parsons, of, said: "Whoever hacked the BitcoinTalk forum has deliberately confused the 'illegality' of the Silk Road site with bitcoin in general."

He went on to say bitcoins were seized from Silk Road not because they're inherently illegal – which they’re not – but because they played a part in money laundering.


"Any money, either State fiat or decentralised bitcoin, found during a drug bust would be seized," Parsons clarified.

He suggested BitcoinTalk may have been hacked in an attempt to undermine the bitcoin protocol, thus damaging confidence in the ecosystem.

"Perversely, I think it will be a benefit to the bitcoin community, as it will encourage debate about bitcoin and how it is not illegal just because some hackers say so," Parsons concluded.


BitcoinTalk is now up and running again. It went back online on the morning of 7th October (UK time). Some posts on reddit lay blame for the attack at the door of members of the SomethingAwful forum, whereas others are blaming the US government.

One forum member links to a screen shot of IRC, which appears to show a conversation between Theymos and another user, with Theymos stating a SomethingAwful "goon" was responsible for the hack. All BitcoinTalk users are advised to change their forum passwords.


Please note that our privacy policy, terms of use, cookies, and do not sell my personal information has been updated.

CoinDesk is an award-winning media outlet that covers the cryptocurrency industry. Its journalists abide by a strict set of editorial policies. In November 2023, CoinDesk was acquired by the Bullish group, owner of Bullish, a regulated, digital assets exchange. The Bullish group is majority-owned by; both companies have interests in a variety of blockchain and digital asset businesses and significant holdings of digital assets, including bitcoin. CoinDesk operates as an independent subsidiary with an editorial committee to protect journalistic independence. CoinDesk employees, including journalists, may receive options in the Bullish group as part of their compensation.