Business 10 January 2018

Cecille de Jesus

Reddit investigates r/btc hack where users’ Bitcoin Cash were stolen

The hacker targeted third party vendor Mailgun to intercept password reset emails.

After several reports of users in the r/btc channel complaining about receiving password reset emails—and confirmation of the resets—despite not initiating them, Reddit decided to investigate and found out that there was indeed, a hack.

The Reddit announcement  says that the hacker managed to intercept password reset emails through their third party provider Mailgun. According to Mailgun’s statement, the hacker first gained access to an employee’s account.

“At that point in time, we were able to determine that the root cause was due to a Mailgun employee’s account being compromised by an unauthorized user. We immediately closed the point of access to the unauthorized user and deployed additional technical safeguards to further protect this sensitive portion of our application.”

The r/btc channel has a tipbot called Tippr (u/tippr) which allows users to tip other users for comments, if they deem that an upvote is not enough. This then transfers a certain amount of Bitcoin Cash (BCH) from the tipper’s wallet to the commenter’s. Some of these BCH wallets connected to the tipbot were robbed.

Apart from that, the hacker also took over moderator u/todu’s account to make several changes to the channel such as changing the stylesheet to point to r/bitcoin, the channel for legacy chain BTC—which has been in constant rivalry with Bitcoin Cash.

Someone hacked the account /u/todu which was a mod here to point users to /r/bitcoin from btc

Reddit infrastructure leader u/gooeyblob says that the estimated number of affected accounts is low, and that the issue has been resolved.

“We are continuing to work with Mailgun to make sure we have identified all impacted accounts. At this time, the overall number of confirmed impacted users is less than twenty. For those affected, we have resolved the issue and assisted in account recovery.”

Those who are affected would have received a notification email from Mailgun, and are advised to follow precautionary measures.

“If you were notified that your account was affected, we advise that you do the following to protect your account from unauthorized access:

1) Rotate your Mailgun API keys (click here for more info on how this process works)

2) Change your SMTP username and passwords (this article shows you where to manage your SMTP credentials)”.

Note: Tokens on the Bitcoin Core (SegWit) chain are referenced as BTC coins; tokens on the Bitcoin Cash ABC chain are referenced as BCH, BCH-ABC or BAB coins.

Bitcoin Satoshi Vision (BSV) is today the only Bitcoin project that follows the original Satoshi Nakamoto whitepaper, and that follows the original Satoshi protocol and design. BSV is the only public blockchain that maintains the original vision for Bitcoin and will massively scale to become the world’s new money and enterprise blockchain.

COMMENT

latest news

‘Irresponsible tweets’ land John McAfee in hot water with Skycoin

Business 22 March 2019

‘Irresponsible tweets’ land John McAfee in hot water with Skycoin

Skycoin has responded on Twitter that it John McAfee’s comments about “whale f--king” that actually led to the project being forced to sever ties with the cryptocurrency influencer.

Read More
Watch out: Fake Wasabi crypto wallet out to steal your crypto

Business 22 March 2019

Watch out: Fake Wasabi crypto wallet out to steal your crypto

The scam wallet is an uncanny clone of the real Wasabi wallet. It comes with a fake website and for those who are not keen, it's almost impossible to distinguish between it and the real one.

Read More
UPS partners with blockchain startup for B2B platform

Business 22 March 2019

UPS partners with blockchain startup for B2B platform

UPS, a global leader in logistics, announced a partnership with Inxeption that targets B2B merchants.

Read More