The price of Bitcoin has just hit $860 and social engineers are at it again. The attacker who recently hacked Bo Shen’s account, draining his REP and ETH funds (some of which were later recovered), has been named in yet another hit, this time on the Ethereum forum on December 16.
Ethereum says the hacker gained unauthorized access to a database backup of forum.ethereum.org from April 2016. The backup contains information on about 16,500 forum users, including their public and private messages, IP addresses, usernames, email addresses and profile information.
The hacker also accessed hashed passwords: ~13k bcrypt hashes (salted), ~1.5k WordPress hashes (salted), and ~2k accounts without passwords (these used federated login), the Ethereum post says.
Social engineering was used here to gain access to mobile phone numbers and subsequently to accounts. It was the same attack as the Shen hack, which caused the Poloniex Augur market to bottom out at 0.0001 BTC for one REP despite an average price of 0.0035 in the previous period.
According to a Kraken exchange post, which the Ethereum page recommends to help users further secure their accounts, social engineers use a victim's phone number to gain access to every account the victim owns that relies on phone-based authentication and account recovery, such as email. They then use that access and information to compromise more accounts in order to harass, steal, blackmail and extort.
The Ethereum team says it has closed the unauthorized access points involved in the leak and is enforcing stricter security guidelines internally, such as removing recovery phone numbers from accounts and using encryption for sensitive data. It is also resetting all forum passwords, effective immediately.
However, the emphasis is on securing wallets, as anyone can get hacked. Protecting ourselves from these attacks should be paramount at this crucial moment, when the price of Bitcoin seems to be rising at a very high speed. There aren’t any foolproof solutions for securing cryptocurrency funds at the moment.
As we all know, the higher the price of Bitcoin goes, the greater the interest from various quarters, including those who are coming up with sophisticated ways to steal coins.
Ethereum recommends that you ensure your passwords are not reused between services, while Kraken says you need to focus on securing your mobile phone number.