Latest news about Bitcoin and all cryptocurrencies. Your daily crypto news habit.
An ongoing investigation has revealed multiple allegations that hot wallets from users of popular subreddit r/btc were hacked through Tippr, resulting in thousands of dollars worth of bitcoin cash (BCH) stolen. Early theories assumed this to be a new low in the so-called Civil War between supporters of bitcoin core and BCH.Â
Also read: African Central Banks Urged to Ditch Dollar and Buy Bitcoin
Bitcoin Civil War Mightâve Gotten Uglier
Using a previously unknown third-party vulnerability, users of Redditâs increasingly popular subreddit forum, /r/btc, a discussion board which often features positive comments by bitcoin cash supporters, were hacked for thousands of BCH.
Reddit is a news aggregator fueled by subreddit discussion boards which fill every kind of topic niche. It is owned by media conglomerate Advance Publications, and is routinely in the top ten most visited websites.
The attacks were seemingly so base, early thinking went toward an inside job. Perhaps a rogue Reddit admin had snatched bitcoin cash, came an initial theory. In the final month of last year, /r/btcâs moderator and a user who happened to work in the malware field were made vulnerable and hacked. For about half an hour, the subreddit itself was redirected to r/bitcoin. And then a half dozen other bitcoin cash-favoring forum users were compromised, especially those tipped through Tippr.
The conspiracies began. Obviously, bitcoin core supporters had taken to ire, doing so as a new low. They might hate bitcoin cash, but no one turns down free money.
50,000 USD of BCH Flowed Through Tippr in December
Tippr is a bot used on Reddit for the purposes of tipping users in BCH. Tippers send the bot a deposit, and then comment, noting theyâre using u/tippr. An example might be: âGreat point u/tippr $3.â The bot will chime in, confirming the tip. The recipient must have a BCH wallet, and then message the bot in return, listing the BCH wallet address and include the amount. The bot dutifully answers in confirmation, and so the recipient can now access funds. Estimates in the upwards of 50,000 USD worth of BCH has flowed through the bot in December of last year. The culprit evidently was tracking such public posts, causing Tippr to go dark, pending results, as the developer learned of the investigation.
The attack came as a reset from Reddit in email form. Immediately another email confirmed the password changeâŠeven if the email hadnât opened for whatever reason. âMy email provider is a very large provider with a name we all know,â a hacked user explained. âLogging is provided and there was no suspicious activity on my email account. My email account also has 2FA. The emails sent by reddit (first one âclick here to change your passwordâ second one âyour password has been changed) were unopened in my inbox.ââ
Whatever the case, this does appear to be something of a new kind of attack allowing access to Reddit accounts, a vulnerability hitherto unknown. It now could at least be plausible NEITHER a Reddit employee was on the make or a dastardly bitcoin core jihadist was involved.Â
It turns out one or the other mightâve been sufficient but not a fully necessary condition to launch the attacks. Tippr is the common denominator, and where there is money to be taken no other motive need be ascribed. Tippr is used not only on Reddit forums but also on Twitter.
Conspiracy Sufficient But Not Necessary
The botâs creator, Rob Danielson, mused it was probably âsomeone [who] realized they had an opportunity to make a quick buck.â Through private messaging via Reddit, accounts gave up as much as $4,000 total worth of bitcoin cash. Once the incidents were discovered, Mr. Danielson disabled the bot for Reddit.
For its part, Reddit is pointing fingers at its automated email subcontractor Mailgun. Though the number of users impacted was roughly a dozen, someone could gain access to resetting emails through Mailgun, a potentially huge problem for Reddit going forward. The hacker could not access Reddit proper nor a userâs email account, they claim. Reddit has since dropped Mailgun in favor of its own server. Mailgun believes âless than 1% of our customer base was potentially affected.â Tippr is now available again on Reddit.
A Reddit engineer did finally respond to multiple requests by users for public comment. âThanks for reporting â weâre not ignoring. This was reported privately via security at [Reddit] and weâve been investigating.â
Moderator of /r/btc, Bitcoinxio, noted Reddit maybe âneeded a kick in the butt after all this publicity about the hacks in the past couple days, but weâve been telling them about the hacks now for some time,â he wrote. âI wouldnât be surprised if the other hacks are related in some way or there are other exploits which they havenât even investigated because they are ignoring our concerns and just shrugging them off.â
What are your thoughts on the bitcoin cash hacks? Let us know in the comments section below.
Images courtesy of Pixabay, Reddit, Tippr.
Need to calculate your bitcoin holdings? Check our tools section.
The post Bitcoin Cash Reddit Tip App Users Hacked for Thousands appeared first on Bitcoin News.
Disclaimer
The views and opinions expressed in this article are solely those of the authors and do not reflect the views of Bitcoin Insider. Every investment and trading move involves risk - this is especially true for cryptocurrencies given their volatility. We strongly advise our readers to conduct their own research when making a decision.