Details Behind BTC-E and BitcoinTalk Breaches Discovered

data-breachesSome time back we saw the cyber world panic after hearing about user data breaches on BitcoinTalk and BTC-E, two of the biggest bitcoin websites operating presently.

Latest reports are suggesting that particulars of the cyber attacks have finally been discovered.

For your information, BTC-E is a bitcoin exchange and BitcoinTalk is the biggest bitcoin forum in existence right now.

LeakedSource, which happens to be one of the most notable data breach monitoring and indexing resource, has come up with information on data breaches that took place some time back. The said events were experienced by BitcoinTalk and BTC-E respectively in 2015 and 2014.

The data stolen from the bitcoin websites was reviewed meticulously by LeakedSource. Other than presenting information about the breaches, the review also came up with some optimistic facts.

The data breach monitoring resource found that the password encryption systems and security framework used by both the bitcoin websites are exceptionally good. As a result, the cyber attacks, in spite of being pretty strong, couldn’t cause serious security issues for the users.

According to experts at LeakedSource, the majority of the passwords on both bitcoin websites were either extremely difficult to crack or couldn’t be cracked at all.

The first incident of data breach took place in October 2014 when a dataset with user information got stolen from BTC-E. Due to this data breach, information of as many as 568,355 registered users of the bitcoin exchange got revealed.

Those breached data comprised of user detail of all kinds including IP addresses, email addresses, usernames, passwords, registration dates, the preferred language of the users and so on.

unique-passwordThe thing that left cyber experts even more worried was that the breach even revealed the amount of bitcoins owned by owners of some of the compromised accounts.

However, the event was managed well by BTC-E. They used a unique and discreet password hashing procedure for securing user passwords.

Surprisingly, the method used by the bitcoin exchange was even unknown to LeakedSource.

As of now, passwords of every BTC-E user can be tagged as “completely uncrackable”; this is a really big achievement as the bitcoin exchange has more than half million users.

LeakedSource, however, is claiming that the situation might change.

However, according to the data breach monitoring resource, BTC-E has done a good job in securing the password security of its users. If the passwords were easy to crack, hackers could easily enter users’ accounts on the bitcoin exchange and start stealing their bitcoins.

So, it can be said that BTC-E managed to dodge a deadly bullet by executing a robust, but lesser-known password hashing strategy for securing user accounts.

BitcoinTalk, the world’s biggest bitcoin discussion forum, was attacked by hackers in May 2015. The forum became the victim of a severe social engineering attack. The event started when one of the employees of NFOrce, BitcoinTalk’s ISP, was targeted by an unidentified hacker.

At the time, forum admin and operator, Theymos, hinted that user information such as private messages, password hashes, emails, etc. could be compromised due to the attack.

Later, it turned out that the stolen data dump with private data of BitcoinTalk users included their birthdays, email addresses, passwords, usernames, secret questions and secret answers, etc.

The compromised data contained information of as many as 499,593 users frequenting the bitcoin discussion forum.

hacked-passwordOut of those 499,593 accounts, 44,869 accounts had MDS hashing enabled along with an additional layer of protection.

LeakedSource managed to crack 68% of those hashed accounts, a total of 30,389 passwords.

The passwords of the remaining accounts (the other 91%) of the bitcoin forum were hashed using “sha256crypt.”

It’s a password storage procedure, which according to LeakedSource, is “far superior” than the ones used by almost every other website they have checked so far.

This is some seriously high praise as it has come from a source that performs the job of unearthing and revealing information about massive data breaches day in day out.

These two incidents prove that although bitcoin websites are rated as the favorite hacking destinations of the cyber attackers, the top sites have technologies ready to fight off the problem.

Comments (No)

Leave a Reply