Coindesk Logo

BitcoinTalk forum hacked by 'The Hole Seekers'

BitcoinTalk forum hacked by 'The Hole Seekers'

BitcoinTalk forum hacked by 'The Hole Seekers'

Popular digital currency forum BitcoinTalk has been hacked by a group calling themselves "The Hole Seekers".

Popular digital currency forum BitcoinTalk has been hacked by a group calling themselves "The Hole Seekers".

Popular digital currency forum BitcoinTalk has been hacked by a group calling themselves "The Hole Seekers".

AccessTimeIconOct 3, 2013, 2:19 PM
Updated Sep 2, 2021, 11:10 AM

Presented By Icon

Election 2024 coverage presented by

Stand with crypto

Article updated on October 7 at 11:00

Popular digital currency forum BitcoinTalk has been hacked by a group calling themselves "The Hole Seekers".

The site is now down, but for a period, it displayed animations of bombs exploding and photos of classical music conductors, all set to the 1812 Overture, which is also the soundtrack to the explosion scene in V for Vendetta.

Toward the end of the animation, a banner was displayed, stating:

"Hello friend, Bitcoin has been seized by the FBI for being illegal. Thanks, bye"

Theymos, the administrator of BitcoinTalk, told CryptoLife.net that the attack was worse than he originally thought.

"There’s a good chance that the attacker(s) could have executed arbitrary PHP code and therefore could have accessed the database, but I’m not sure yet how difficult this would be. I’m sending out a mass mailing to all Forum users about this," he explained.

Theymos summarised that the forum will be down for a while and said he thinks that password hashes were not compromised, but he can't be sure at this time.

bitcointalk-hacked

"Passwords are hashed using sha256crypt with 7500 rounds (very strong). The JavaScript that was injected into bitcointalk.org seems harmless," he added.

The administrator said the attacker injected some code into $modSettings['news'], which is the news at the top of the forum pages. Updating news is normally logged, but this action was not, so Theymous believes the update was done in "some roundabout way" and not by compromising an admin account.

"Probably, part of SMF related to news-updating or modSettings is flawed. Possibly, the attacker was somehow able to modify the modSettings cache in /tmp or the database directly," he added, concluding:

"Figuring out the specifics is probably beyond my skills, so 50 BTC to the first person who tells me how this was done. (You have to convince me that your flaw was the one actually used.) The forum won’t go back up until I know how this was done, so it could be down for a while."

Reddit forum members have been discussing the payloads involved in the hack – both the HTML source and the Javascript payload. Forum member 'super3' said he can't see anything that stands out as malicious, but 'itsmemax' claims the Javascript payload is a bluff.

Michael Parsons, of BitcoinByte.com, said: "Whoever hacked the BitcoinTalk forum has deliberately confused the 'illegality' of the Silk Road site with bitcoin in general."

He went on to say bitcoins were seized from Silk Road not because they're inherently illegal – which they’re not – but because they played a part in money laundering.

bitcointalk-bye

"Any money, either State fiat or decentralised bitcoin, found during a drug bust would be seized," Parsons clarified.

He suggested BitcoinTalk may have been hacked in an attempt to undermine the bitcoin protocol, thus damaging confidence in the ecosystem.

"Perversely, I think it will be a benefit to the bitcoin community, as it will encourage debate about bitcoin and how it is not illegal just because some hackers say so," Parsons concluded.


Update:

BitcoinTalk is now up and running again. It went back online on the morning of 7th October (UK time). Some posts on reddit lay blame for the attack at the door of members of the SomethingAwful forum, whereas others are blaming the US government.

One forum member links to a screen shot of IRC, which appears to show a conversation between Theymos and another user, with Theymos stating a SomethingAwful "goon" was responsible for the hack. All BitcoinTalk users are advised to change their forum passwords.

Disclosure

Please note that our privacy policy, terms of use, cookies, and do not sell my personal information have been updated.

CoinDesk is an award-winning media outlet that covers the cryptocurrency industry. Its journalists abide by a strict set of editorial policies. CoinDesk has adopted a set of principles aimed at ensuring the integrity, editorial independence and freedom from bias of its publications. CoinDesk is part of the Bullish group, which owns and invests in digital asset businesses and digital assets. CoinDesk employees, including journalists, may receive Bullish group equity-based compensation. Bullish was incubated by technology investor Block.one.


Learn more about Consensus 2024, CoinDesk's longest-running and most influential event that brings together all sides of crypto, blockchain and Web3. Head to consensus.coindesk.com to register and buy your pass now.