Bitcoin Inputs.io Australian online wallet service raided by hackers using old email

11 November 2013

An Australian man going under the net name of Tradefortress who runs the Inputs.io Bitcoin (BTC) online wallet service has admitted he’s been hacked by cyber-criminals who’ve stolen 4,100 BTC ($1.3m) and wiped out his operation with insufficient funds to cover users’ losses.

Tradefortress made his admission in a statement on the Inputs.io website and told the ‘TechieNews’ site that the two-pronged attack by hackers used an old email address and emanated from the same source as the recent attack against rival Bitcoin outfit GigaDice.

The news was originally covered by bobsguide last week, but more details about the attack have since emerged, particularly that the cyber-criminals apparently managed to gain access to the Inputs.io BTC wallet via an old email address. Tradefortress told ‘TechieNews’, the hackers launched two separate attacks, negating the two-factor authentication security system in place due to a claimed flaw on the server side.

Online speculation about an ‘inside job’ has claimed that Tradefortress may be responsible, however, after he said he did not intend to report the theft to police, as he didn’t expect any success in tracking the criminals.

The allegations of an ‘inside job’ have been denied in an ‘ABC News’ interview down under. According to a ‘BBC News’ report on the case, Tradefortress also spoke to the ‘Sydney Morning Herald’, about the theft which occurred on 26 October [the hack has only now been admitted in a user message posted on the Inputs.io website]. The Australian newspaper was told: “I know this doesn't mean much but I'm sorry. Saying that I'm very sad this has happened is an understatement. Please don't store Bitcoins on an internet-connected device, regardless if it is your own or a service's," added Tradefortress, in a belated bit of advice for users.

Fear about the security and legality of the usage of the digital Bitcoin currency online have been escalating this year, with US authorities seeking to enforce more control over it and the recent Silk Road shutdown illustrating once again how the virtual currency is sometimes used for criminal ends online.

• To read more about information security matters please visit the bobsguide blogger (aka contributing editors) submissions from ISACA’s Allan Boardman.

By Neil Ainger

Become a bobsguide member to access the following

1. Unrestricted access to bobsguide
2. Send a proposal request
3. Insights delivered daily to your inbox
4. Career development