Business 11 months agoAdmin
Reddit investigates r/btc hack where users’ Bitcoin Cash were stolen
The hacker targeted third party vendor Mailgun to intercept password reset emails.
After several reports of users in the r/btc channel complaining about receiving password reset emails—and confirmation of the resets—despite not initiating them, Reddit decided to investigate and found out that there was indeed, a hack.
The Reddit announcement says that the hacker managed to intercept password reset emails through their third party provider Mailgun. According to Mailgun’s statement, the hacker first gained access to an employee’s account.
“At that point in time, we were able to determine that the root cause was due to a Mailgun employee’s account being compromised by an unauthorized user. We immediately closed the point of access to the unauthorized user and deployed additional technical safeguards to further protect this sensitive portion of our application.”
The r/btc channel has a tipbot called Tippr (u/tippr) which allows users to tip other users for comments, if they deem that an upvote is not enough. This then transfers a certain amount of Bitcoin Cash (BCH) from the tipper’s wallet to the commenter’s. Some of these BCH wallets connected to the tipbot were robbed.
Apart from that, the hacker also took over moderator u/todu’s account to make several changes to the channel such as changing the stylesheet to point to r/bitcoin, the channel for legacy chain BTC—which has been in constant rivalry with Bitcoin Cash.
Reddit infrastructure leader u/gooeyblob says that the estimated number of affected accounts is low, and that the issue has been resolved.
“We are continuing to work with Mailgun to make sure we have identified all impacted accounts. At this time, the overall number of confirmed impacted users is less than twenty. For those affected, we have resolved the issue and assisted in account recovery.”
Those who are affected would have received a notification email from Mailgun, and are advised to follow precautionary measures.
“If you were notified that your account was affected, we advise that you do the following to protect your account from unauthorized access:
1) Rotate your Mailgun API keys (click here for more info on how this process works)
2) Change your SMTP username and passwords (this article shows you where to manage your SMTP credentials)”.
Note: Tokens in the SegWit chain are referred to as SegWit1X (BTC) and SegWit Gold (SWG) and are no longer Bitcoin. Bitcoin Cash (BCH) is the only true Bitcoin as intended by the original Satoshi white paper. Bitcoin BCH is the only public block chain that offers safe and cheap microtransactions.
Note: Tokens on the Bitcoin Core (segwit) Chain are Referred to as BTC coins. Bitcoin Satoshi Vision (BSV) is today the only Bitcoin implementation that follows Satoshi Nakamoto’s original whitepaper for Peer to Peer Electronic Cash. Bitcoin BSV is the only major public blockchain that maintains the original vision for Bitcoin as fast, frictionless, electronic cash.
Business 9 hours ago
Blockchain startup raises $24M for digital rights management
Bluecoat, a blockchain company specializing in digital rights and royalties distribution, has already raised $24.25 million in funding, with notable personalities in the music industry assisting with the funding. In its press release, the company ...
Business 10 hours ago
Bitmain shuts down Israel office, leaving all 23 employees jobless
After nearly three years of activity, Chinese crypto mining giant Bitmain is reportedly ceasing its Israeli operations this week. Citing sources familiar with the matter, Israeli news outlet Globes reported on Monday that Bitmain’s development ...
Business 14 hours ago
Warning: Scam site mimicking SVPool.com
We're sending a warning to people in and out of the crypto industry. There is a website trying to cheat unsuspecting users looking to visit SVPool.com. The individual or group is utilizing a common tactic ...