
Author Topic: Events of Friday - BitInstant Back Online  (Read 2700 times)


bitcoinforum.com (Topic starter)
« on: March 05, 2013, 07:05:10 PM »
Events of Friday - BitInstant Back Online

Afternoon folks!

As many of you know, BitInstant was down starting Thursday evening and was turned back on today (Monday) with a limited relaunch.

None of your personal or transactional information has been leaked. We keep all that data offline to protect everyone's privacy.

Over the weekend the BitInstant team has been hard at work securing our system from a sophisticated attack on Thursday evening. Overall, due to major choke points and redundancies in our system, the hacker was only able to walk away with $12,480 USD in BTC, and send them in 3 installments of 333 BTC to bitcoin addresses.


We've long been targeted by someone using social engineering tactics to attempt to compromise our various accounts at exchanges, with our hosting provider Amazon AWS and even on my personal accounts, mostly without success. At no time have we ever had a single system or account compromised through technical means, or indeed at all before yesterday. For the sake of convenience I'll refer to this mystery person as simply "the attacker". This individual was only successful due to the failure of the staff at our domain registrar, as I will explain below; we intend to move to a more secure registrar ASAP.

What happened:
The attacker contacted our domain registrar at Site5 posing as me and using a very similar email address to mine; they did so by proxying through a network owned by a haulage company in the UK, whom I suspect are innocent victims the same as ourselves. Armed with knowledge of my place of birth and mother's maiden name alone (both facts easy to locate on the public record), they convinced Site5 staff to add their email address to the account and make it the primary login (this prevented us from deleting it from the account). We immediately realized what was going on, and logged in to change the information back. After changing this info and locking the attacker out, overnight he was able to revert my changes and point our website somewhere else. Site5 is denying any damages, but we suspect this was partly their fault.

After gaining access, they redirected DNS by pointing the nameservers to in Germany; they used Hetzner's nameservers to redirect traffic to a hosting provider in Ukraine. By doing this, he locked out both my login and Gareth's login, and they used this to hijack our emails and reset the login for one exchange (VirWox), enabling them to gain access and steal $12,480 USD worth of BTC. No other exchanges were affected due to either Multi Factor Authentication, OTP, YubiKeys and auto lockdowns.

The hacker was also able to pull a few hours of internal company emails. However, due to mandatory PGP encryption between members of our company and tools like Cryptocat, sensitive information was not breached.

Information about the attacker:

Based on their general MO, the attacker is not highly technically skilled but is sneaky enough to cover their tracks. Some of the hosting providers they directed our domain at may have billing information, but such billing information is likely a stolen card. Geographically, I would personally suspect them to be Russian, based on the choice of providers and based on past fruitless attempts that clearly were of Russian origin. They seem focused on me in particular and have tried many times to gain access to my accounts (both personal and business).

Other parties involved (the attacker used these parties in some way):
- email provider
- nameservers for the first attempt were hosted here
- hosting provider involved in the first hijack
- mail provider which was involved in the email hijack
Circle Express Ltd - their network was used as a proxy, the actual IP is registered to BT PLC but is used by Circle Express on a business line of some variety.

So, we wanted to provide this update in order to continue our practice of transparency, but also as a lesson to the community - you must be ever-vigilant in making security your top priority. We outline many more of our security protocols here:

Thanks for your patience, support, and trust during these times.

- The Team @ BitInstant.
"Your keys, your Bitcoin. Not your keys, not your Bitcoin." (Andreas Antonopoulos)
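As an added illustration (not part of the original post, and not BitInstant's own tooling): a defender-side check for the kind of nameserver and mail redirection the post describes, comparing observed NS/MX answers against a pinned baseline and bounding the period in which mail may have been diverted. All host names and timestamps are constructed placeholders.

```python
from dataclasses import dataclass

def norm(hosts):
    """Lower-case and drop the trailing dot so set comparison is stable."""
    return frozenset(h.strip().rstrip(".").lower() for h in hosts)

@dataclass(frozen=True)
class Snapshot:
    when: str        # time of the lookup (constructed)
    ns: frozenset    # NS set delegated at the parent zone
    mx: frozenset    # MX hosts answered for the domain

# Pinned baseline for a placeholder domain; all host names are made up.
BASE_NS = norm(["ns1.dns-provider.example.", "ns2.dns-provider.example."])
BASE_MX = norm(["mx1.mail-provider.example."])
OTHER_NS = norm(["NS1.Other-Host.example."])

# Constructed observations: delegation repointed, MX follows, then restored.
SNAPSHOTS = [
    Snapshot("18:00", BASE_NS, BASE_MX),
    Snapshot("19:00", OTHER_NS, BASE_MX),
    Snapshot("20:00", OTHER_NS, norm(["mail.other-host.example"])),
    Snapshot("21:00", BASE_NS, BASE_MX),
]

def audit(snapshots, base_ns=BASE_NS, base_mx=BASE_MX):
    """Return (when, record_type, unexpected_hosts) for every drift."""
    findings = []
    for s in snapshots:
        for rtype, seen, base in (("NS", s.ns, base_ns), ("MX", s.mx, base_mx)):
            if seen - base:
                findings.append((s.when, rtype, sorted(seen - base)))
    return findings

def exposure_windows(snapshots, base_ns=BASE_NS, base_mx=BASE_MX):
    """Return (start, end) spans in which mail could have been diverted.
    NS drift alone counts: whoever answers for the zone also controls MX."""
    windows, start = [], None
    for s in snapshots:
        drifted = bool(s.ns - base_ns or s.mx - base_mx)
        if drifted and start is None:
            start = s.when
        elif not drifted and start is not None:
            windows.append((start, s.when))
            start = None
    return windows + ([(start, None)] if start is not None else [])

if __name__ == "__main__":
    print(audit(SNAPSHOTS), exposure_windows(SNAPSHOTS))
```

Password-reset and other account mail received or expected inside a reported window is what needs review; an `end` of `None` means the drift was still present at the last observation.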

iBits
Re: Events of Friday - BitInstant Back Online
« Reply #1 on: March 06, 2013, 09:40:36 AM »
When is that debit card expected??

