BitInstant becomes latest bitcoin theft victim
06 March 2013 | 9045 views | 0
Using simple social engineering techniques, an attacker has managed to steal around $12,500 in bitcoins from virtual currency exchange BitInstant.
BitInstant went offline over the weekend before reappearing on Monday with a blog post explaining the attack.
According to the post, an attacker contacted the site's domain registrar - proxying through a network owned by a UK haulage company - posing as the writer and using a "very similar" e-mail address.
Armed with details of the writer's place of birth and mother's maiden name, presumably found online, the attacker convinced the domain registrar, Site5, to add their e-mail address to the account and make it the primary login.
After gaining access, the attacker managed to steal $12,480 worth of bitcoins and send them in three instalments to other bitcoin addresses.
However, says the post, various security measures, such as multi-factor authentication and auto lockdowns prevented any more theft and no personal or transactional information from users has been leaked.
The attack is just the latest in a long line of thefts from various bitcoin exchanges over the last couple of years, highlighting the security hurdles the technology poses.
Despite this, the virtual currency has been riding a wave in recent weeks, hitting a record price of more than $46 as speculation mounts that it is set to break into the mainstream, boosted by a deal between MT. Gox and CoinLab which should see an expanded USD presence.