Article updated on October 7 at 11:00
Popular digital currency forum BitcoinTalk has been hacked by a group calling themselves âThe Hole Seekersâ.
The site is now down, but for a period, it displayed animations of bombs exploding and photos of classical music conductors, all set to the 1812 Overture, which is also the soundtrack to the explosion scene in V for Vendetta.
Toward the end of the animation, a banner was displayed, stating:
âHello friend, Bitcoin has been seized by the FBI for being illegal. Thanks, byeâ
Theymos, the administrator of BitcoinTalk, told CryptoLife.net that the attack was worse than he originally thought.
âThereâs a good chance that the attacker(s) could have executed arbitrary PHP code and therefore could have accessed the database, but Iâm not sure yet how difficult this would be. Iâm sending out a mass mailing to all Forum users about this,â he explained.
Theymos summarised that the forum will be down for a while and said he thinks that password hashes were not compromised, but he canât be sure at this time.
âPasswords are hashed using sha256crypt with 7500 rounds (very strong). The JavaScript that was injected into bitcointalk.org seems harmless,â he added.
The administrator said the attacker injected some code into $modSettings[ânewsâ], which is the news at the top of the forum pages. Updating news is normally logged, but this action was not, so Theymous believes the update was done in âsome roundabout wayâ and not by compromising an admin account.
âProbably, part of SMF related to news-updating or modSettings is flawed. Possibly, the attacker was somehow able to modify the modSettings cache in /tmp or the database directly,â he added, concluding:
âFiguring out the specifics is probably beyond my skills, so 50 BTC to the first person who tells me how this was done. (You have to convince me that your flaw was the one actually used.) The forum wonât go back up until I know how this was done, so it could be down for a while.â
Reddit forum members have been discussing the payloads involved in the hack â both the HTML source and the Javascript payload. Forum member âsuper3â said he canât see anything that stands out as malicious, but âitsmemaxâ claims the Javascript payload is a bluff.
Michael Parsons, of BitcoinByte.com, said: âWhoever hacked the BitcoinTalk forum has deliberately confused the âillegalityâ of the Silk Road site with bitcoin in general.â
He went on to say bitcoins were seized from Silk Road not because theyâre inherently illegal â which theyâre not â but because they played a part in money laundering.
âAny money, either State fiat or decentralised bitcoin, found during a drug bust would be seized,â Parsons clarified.
He suggested BitcoinTalk may have been hacked in an attempt to undermine the bitcoin protocol, thus damaging confidence in the ecosystem.
âPerversely, I think it will be a benefit to the bitcoin community, as it will encourage debate about bitcoin and how it is not illegal just because some hackers say so,â Parsons concluded.
BitcoinTalk is now up and running again. It went back online on the morning of 7th October (UK time). Some posts on reddit lay blame for the attack at the door of members of the SomethingAwful forum, whereas others are blaming the US government.
One forum member links to a screen shot of IRC, which appears to show a conversation between Theymos and another user, with Theymos stating a SomethingAwful âgoonâ was responsible for the hack. All BitcoinTalk users are advised to change their forum passwords.
