Slashdot Mirror

← Back to Stories (view on slashdot.org)

DNS Hijack Leads To Bitcoin Heist

Posted by timothy on from the don't-make-trouble-nobody-gets-hoit dept.

First time accepted submitter FearTheFez writes "Social Engineering and poor DNS Security lead to a Bitcoin heist worth about $12000. Bitcoin broker Bitinstant was robbed after thieves managed to take over ownership of their domains. While Bitinstant claims that no customers lost any money, without 2 factor authentication all it took was a place of birth and a mothers maiden name to gain access. This looks like poor security from everyone involved."

11 of 126 comments (clear)

  1. The most likely suspect is... by Anonymous Coward · · Score: 5, Funny

    Bitinstant's mother. She knows both her maiden name and his birthdate, probably.

  2. Re:Conviction for stealing bitcoins by Zemran · · Score: 5, Insightful

    I do not think that any court or official government body recognizes your television as being a legitimate currency but I can be prosecuted for stealing it. If it has value to the owner, it can be stolen.

    --
    I love stacking my barbecues in the shed at the end of summer - you can't beat a bit of grill on grill action.
  3. Re:Non story by mkraft · · Score: 5, Interesting

    If a standard currency exchange was robbed for $12,000 we would not even read the story. This is a trivial crime and of little interest. It serves more as a warning rather than as a bank robbery story. I hope that those that are concerned learn from this but if this is the crime of the century in the Bitcoin world then they are doing really well.

    No, the Bitcoin crime of the century was last year when the same server was hacked twice, to a tune of several hundred thousand dollars, as mentioned in TFA. Bitcoin hacks are becoming more and more common, so it's only a matter of time before that amount is surpassed.

    Personally I don't see the point of bitcoins. I don't pay for everything in cash in the real world because it lacks the protections that other payment methods have. I don't see a reason to use a digital equivalent of cash in the online world. Bitcoins' anonymity might be it's biggest strength, but it's also it's biggest weakness.

  4. Re:Non story by philip.paradis · · Score: 4, Informative

    There's nothing stopping you from conducting a Bitcoin transaction in person, aside from the other party needing to hold and/or be able to receive BTC as well. For the holding part, new solutions providers such as Coinbase are starting to focus on merchant gateway style solutions. Progress is being made.

    --
    Write failed: Broken pipe
  5. Re:Conviction for stealing bitcoins by aztracker1 · · Score: 4, Insightful

    It's wire fraud. Nobody needs to recognize the currency to prosecute for that.

    --
    Michael J. Ryan - tracker1.info
  6. Re:Non story by Pentium100 · · Score: 4, Insightful

    There's nothing stopping you from conducting a Bitcoin transaction in person, aside from the other party needing to hold and/or be able to receive BTC as well.

    Yes, but if the transaction is in person, I might as well use cash. Neither me nor him would need an internet connected device to send/receive money and no need to wait for confirmations.

    One day Bitcoin may be really convenient, but right now it is too much like cash for online use and too much like a wire transfer (or paypal) for in person use.

  7. Re:Conviction for stealing bitcoins by Troed · · Score: 4, Informative

    The court ruled that:

    *) Virtual items have value in virtual of the effort and time invested in obtaining them
    *) The value in Virtual items is recognised by those that play the game (including the defendents who went to the trouble to take them)
    *) The Virtual items were under the exclusive control of the player – who was relieved of this control

    The court made reference to cases of electricity theft which is a similar intangible good but certainly has properties of power and control, and consequently can be stolen.

    http://www.virtualpolicy.net/runescape-theft-dutch-supreme-court-decision.html

    --
    it's in my head
  8. Re:Conviction for stealing bitcoins by TsuruchiBrian · · Score: 5, Informative

    bitcoins aren't data per se. A person's private key for their bitcoin wallet that is used to transfer ownership of bitcoins is data. It's just a long number. The proof of work used to establish a bitcoin is data. The transaction history of each bitcoin is data.

    A bitcoin is more than just the data underlying it. There are may thousands of copies of each bitcoin, but at any given time only one person has the authority to transfer a bitcoin to someone else.

    A bitcoin itself cannot be copied. To copy a bitcoin would mean copying it's ability to be spent (allowing it to be spent twice). This would ruin any currency. And much of the design of bitcoin is prevention of double spending.

    This is similar to how xeroxing your bank statement doesn't double the amount of money you have in the bank.

  9. Re:Non story by athmanb · · Score: 4, Insightful

    One hour? If "ease of use" means to have to wait a full hour for confirmation whether the purchase of your coffee went through or not I think I'd rather use cash...

  10. Stengthen your security. by MrL0G1C · · Score: 4, Insightful

    Mothers maiden name: 9zimu8sj4q99uf
    Place of birth: wj9awitkj4girc

    If you use real details, you're a fool.

    --
    Waterfox - a Firefox fork with legacy extension support, security updates and better privacy by default.
  11. crime doesn't pay by PopeRatzo · · Score: 4, Funny

    One of the thieves was later seen at the racetrack, trying to put down 1024 bitcoins on a horse in the third race.

    He was apprehended and later sentenced to 10 years of ridicule without possibility of parole.

    --
    You are welcome on my lawn.