The site has been shut down and users are advised to change their passwords

Oct 3, 2013 09:03 GMT

Bitcointalk.org, the popular Bitcoin discussion forum, has been hacked and defaced. The site has been taken down by administrators while the full extent of the hack is investigated.

Hackers calling themselves “The Hole Seekers” appear to be behind the attack. On Wednesday, visitors to Bitcointalk were presented with an animated page that played music while displaying rockets and explosions.

According to Bitcointalk admin Theymos, the JavaScript injected into the site appears to be harmless, but it’s possible that the hackers gained access to the database.

“There's a good chance that the attacker(s) could have executed arbitrary PHP code and therefore could have accessed the database, but I'm not sure yet how difficult this would be,” Theymos noted on Reddit.

Fortunately, several backups exist, so the website will be restored, but the process might take a while.

As far as passwords are concerned, the Bitcointalk administrator says he “feels” the hashes have not been compromised, but he can’t be certain. That’s why users are advised to change their passwords in case they utilize the same one on other websites.

“The attacker injected some code into $modSettings['news'] (the news at the top of pages). Updating news is normally logged, but this action was not logged, so the update was probably done in some roundabout way, not by compromising an admin account or otherwise ‘legitimately’ making the change,” Theymos explained.

He added, “Probably, part of SMF related to news-updating or modSettings is flawed. Possibly, the attacker was somehow able to modify the modSettings cache in /tmp or the database directly.”

He says the website will not be restored until he figures out precisely what vulnerability the hackers leveraged. He’s offering 50 Bitcoin to the first individual who can pinpoint the security hole.
