Feeds

Joke no more: Comedy virty currency Dogecoin gets real in big Xmas heist

Wow. So hack. Very theft. Much sorry. Wow

SANS - Survey on application security programs

If you've heard of Dogecoin, maybe you thought it was a joke. A cryptocurrency based on what has been called the meme of the year for 2013, it certainly has all the earmarks of an internet prank. But some people are apparently taking Dogecoin seriously – seriously enough, at least, to steal millions of them from online wallets.

In a move worthy of Scrooge himself, the e-heist took place on Christmas Day. Hackers were reportedly able to compromise the systems of online wallet service Dogewallet and reconfigure the site so that all transactions were rerouted to their own address.

"We're currently looking at logs and have found thousands of attempts to hack our systems," a message posted to Dogewallet's site on Wednesday explained. "Specifically, the attack originated from the hacker gaining access to our filesystem and modifying the send/receive page to send to a static address. We're currently reviewing logs for information."

It's not clear exactly how many Dogecoins fell prey to the incident, but the amount is said to be in excess of 30 million. The value of one Dogecoin is currently estimated at around $0.0006, making the amount stolen worth potentially $18,000 or more in real-world dollars.

In a Reddit post on the matter, Dogewallet's founders say they are scrambling to reimburse users for as much of the lost currency as possible. As The Reg goes to press the big, red "Publish" button on this story, the latest update claims that at least "a few million" Dogecoins have been returned to users so far.

Not everyone in the Dogecoin community buys Dogewallet's explanation, however. In a separate Reddit thread, some users have speculated that the incident may not have been a hack at all, but the result of a deliberate scam designed to bilk gullible users out of their Dogecoins.

Scam or not – and El Reg does not care to speculate on who may have been behind the theft – many Dogecoin fans have argued that most of these losses could have been prevented if Dogewallet users had learned from the example of earlier cryptocurrencies, such as the daddy of them all, Bitcoin.

As recently as November, an Australian man claimed he lost Bitcoin worth more than $1m from an online wallet that was managed by a service called inputs.io. That service has since been taken down, its homepage replaced with a less-than-reassuring apology.

Indeed, even Dogewallet's operators weren't so dreadfully cut up by Wednesday's sad event that they didn't take the opportunity to wag their fingers at some of the service's users.

"Please use offline wallets as online wallets are meant for new users who aren't using them as a storage of coins," they wrote. "Offline wallets are more safe and secure than any online wallet due to possible attacks that can originate from anyone, anywhere."

Anyone, anywhere indeed. Dogewallet has posted the address it believes was the beneficiary of the purloined Dogecoins, but whether that will help recover them is unclear.

As for the future of Dogewallet, it sounds like it doesn't have one. The service is currently shut down and it doesn't seem likely to return.

"We're going to compensate all invested users and as much non-invested user balances as possible and discontinue the website," the operators wrote on Reddit. ®

High performance access to file storage

More from The Register

next story
Obama allows NSA to exploit 0-days: report
If the spooks say they need it, they get it
Putin tells Snowden: Russia conducts no US-style mass surveillance
Gov't is too broke for that, Russian prez says
Snowden-inspired crypto-email service Lavaboom launches
German service pays tribute to Lavabit
Mounties always get their man: Heartbleed 'hacker', 19, CUFFED
Canadian teen accused of raiding tax computers using OpenSSL bug
One year on: diplomatic fail as Chinese APT gangs get back to work
Mandiant says past 12 months shows Beijing won't call off its hackers
Heartbleed exploit, inoculation, both released
File under 'this is going to hurt you more than it hurts me'
Arts and crafts store Michaels says 3 million credit cards exposed in breach
Meanwhile, Target investigators prepare for long process in nabbing hackers
prev story

Whitepapers

SANS - Survey on application security programs
In this whitepaper learn about the state of application security programs and practices of 488 surveyed respondents, and discover how mature and effective these programs are.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Top three mobile application threats
Learn about three of the top mobile application security threats facing businesses today and recommendations on how to mitigate the risk.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.