Slashdot Mirror

← Back to Stories (view on slashdot.org)

DNS Hijack Leads To Bitcoin Heist

Posted by timothy on Friday March 8, 2013 @06:51PM from the don't-make-trouble-nobody-gets-hoit dept.

First time accepted submitter FearTheFez writes "Social Engineering and poor DNS Security lead to a Bitcoin heist worth about $12000. Bitcoin broker Bitinstant was robbed after thieves managed to take over ownership of their domains. While Bitinstant claims that no customers lost any money, without 2 factor authentication all it took was a place of birth and a mothers maiden name to gain access. This looks like poor security from everyone involved."

1 of 126 comments (clear)

Min score:

Reason:

Sort:

Level Three Attack by Anonymous Coward · 2013-03-08 19:21 · Score: -1, Offtopic

On my ranking site (Gibson Index), I rated this a Level Three Attack, but I think the submitter is wrong to say there was poor security. By all accounts, if they were any less secure, they would have lost tens of thousands more. It just happened that *one* of their exchange accounts did not have 2FA, because they weren't aware that that vendor had added support for it.
BitInstant's full blog post has more details: http://blog.bitinstant.com/blog/2013/3/4/events-of-friday-bitinstant-back-online.html