Bitcointalk.org Says DNS Was Hijacked, Passwords Compromised

Bitcointalk.org, one of the largest and most active communities dedicated to the virtual currency, has become a victim of a man-in-the-middle attack. Members who have recently logged in are advised to immediately change their passwords.

According to one of the forum administrators, the attacker used a flaw in the infrastructure of the AnonymousSpeech registrar to change the forum’s DNS to point to a different server.

On the same day, the website was targeted by a distributed denial of service (DDoS) attack, suggesting that both incidents are a part of a sustained malicious campaign.

Meanwhile, Bitcoin is trading as high as $1,165 on Mt. Gox exchange.

A series of unfortunate events

Bitcointalk.org was established in November 2009, just months after Bitcoin first appeared online. Today, the community has around 175,000 members, and the website serves almost 400,000 page views per day.

On Monday morning, the DNS entry for the website was changed to point towards an unidentified address that was protected by the CloudFlare network. The attack was discovered about six hours later, and the website was transferred to a different registrar. However, this kind of change is not instant, putting the members who accessed the forum during this time at risk.

“If you used your password to login between 06:00 Dec 1 UTC and 20:00 Dec 2 UTC, then your password may have been captured in a man-in-the-middle attack, and you should change your password here and wherever else you used it,” states the advisory on the website.

According to the administrator called ‘theymos’, the attacker was potentially able to intercept and modify encrypted forum transmissions, allowing them to see passwords, authentication cookies and private messages. The passwords could only be hijacked if users entered them into the website manually, which means those who had logged in using the “remember me” feature are not at risk.

Later on Monday, the website also suffered from a DDoS attack. “These two events are probably related, though I’m not yet sure why an attacker would do both of these things at once,” wrote ‘theymos’.

What do you know about Bitcoin? Take our quiz!