Feeds

Linode hackers escape with $70K in daring bitcoin heist

Compromised servers ransacked for digital cash

Internet Security Threat Report 2014

Updated Popular web host Linode has been hacked by cyber-thieves who made off with a stash of bitcoins worth $71,000 (£44,736) in real money.

The crooks pulled off the heist after obtaining admin passwords for Linode's network gear. Having infiltrated its systems, the thieves proceeded to target several Bitcoin-related servers, stealing $15k (£9.45k) from one merchant and more than 10,000 bitcoins ($56k, £35k) from Bitcoinica, a trading exchange for the digital currency. Bitcoinica has promised to reimburse customers for any losses. It said in a statement:

Many of you have heard that several bitcoin services were victims of a recent Linode security breach today. Unfortunately, Bitcoinica is also among the services affected.

On 2012-03-01 at 6:30 UTC, our "hot wallet" hosted at Linode and containing over 10,000 BTC was emptied. The unauthorized access is consistent with that experienced by other bitcoin services, described by Linode as unauthorized access from Linode's "customer support interface".

Punters should avoid using any bitcoin addresses previously used to fund their Bitcoinica accounts, Bitcoinica advises:

We must assume that the thief has retained private keys associated with old bitcoin deposit addresses. This would allow them to access any new bitcoins sent to old deposit addresses. As of now, our website will only display new deposit addresses which are not affected by this. However any old bitcoin addresses which you may have recorded for convenience should never be used ever again. This is the most important thing.

Linode admitted it had been compromised and issued a statement to say the digital safety deposit boxes of eight customers had been ransacked. It promised to review and improve its security procedures in the wake of the hack:

This morning, an intruder accessed a web-based Linode customer service portal. Suspicious events prompted an immediate investigation and the compromised credentials used by this intruder were then restricted. All activity via the web portal is logged, and an exhaustive audit has provided the following:

All activity by the intruder was limited to a total of eight customers, all of which had references to "bitcoin". The intruder proceeded to compromise those Linode Manager accounts, with the apparent goal of finding and transferring any bitcoins. Those customers affected have been notified. If you have not received a notification then your account is unaffected. Again, only eight accounts were affected.

The portal does not have access to credit card information or Linode Manager user passwords. Only those eight accounts were viewed or manipulated - no other accounts were viewed or accessed.

Security is our number one priority and has been for over eight years. We depend on and value the trust our customers have placed in us. Now, more than ever, we remain committed to ensuring the safety and security of our customers' accounts, and will be reviewing our policies and procedures to prevent this from ever recurring.

Bitcoins are a form of electronic currency that can be exchanged for real cash. The system relies on public-key cryptography and peer-to-peer networking to transfer the coins between users' wallets. Isolated incidents of cyber-crooks using number-crunching botnets to generate bitcoins were detected last year.

Some miscreants appeared to have moved over to stealing bitcoins directly but it's unclear whether the smash-and-grab raid against Linode is a one-off, or the start of a new tactic in cybercrime. ®

Updated to add

Although Bitcoinica's official statement says over 10,000 BTC were stolen, the actual total appears to be 43,554 BTC.

Internet Security Threat Report 2014

More from The Register

next story
George Clooney, WikiLeaks' lawyer wife hand out burner phones to wedding guests
Day 4: 'News'-papers STILL rammed with Clooney nuptials
Shellshock: 'Larger scale attack' on its way, warn securo-bods
Not just web servers under threat - though TENS of THOUSANDS have been hit
Apple's new iPhone 6 vulnerable to last year's TouchID fingerprint hack
But unsophisticated thieves need not attempt this trick
PEAK IPV4? Global IPv6 traffic is growing, DDoS dying, says Akamai
First time the cache network has seen drop in use of 32-bit-wide IP addresses
Oracle SHELLSHOCKER - data titan lists unpatchables
Database kingpin lists 32 products that can't be patched (yet) as GNU fixes second vuln
Who.is does the Harlem Shake
Blame it on LOLing XSS terroristas
Researchers tell black hats: 'YOU'RE SOOO PREDICTABLE'
Want to register that domain? We're way ahead of you.
prev story

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
The next step in data security
With recent increased privacy concerns and computers becoming more powerful, the chance of hackers being able to crack smaller-sized RSA keys increases.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.