Researchers have discovered a complex phishing scheme aimed at collecting user credentials from various Bitcoin-related services which under a closer scrutiny led back to a known bulletproof hosting firm. IT Security Experts commented on this research below.
David Jevans, Vice President of Mobile Security at Proofpoint:
“Bitcoins are largely untraceable and can be transferred to any country and any currency without going through banks which is why hackers are going after them. Stealing bitcoin wallet or exchange passwords is equivalent to stealing cash. Once the bitcoins are sent from the wallet, there is no way to get them back.
Individuals and organisations can guard against such attacks by using two factor authentication (e.g. a text on your cellphone as well as your password) to log into your online bitcoin wallet or bitcoin exchange account. If the service you use does not offer two factor authentication, consider changing to a different service.”
Bryan Burns, Vice President of Threat Research at Proofpoint:
“The very characteristics of bitcoin that make it so popular (that it is largely anonymous and untraceable, and not controlled by any government or financial company) make it equally appealing to thieves. Unlike your bank account, which is actively monitored by your financial institution to guard against fraud, and has many checks and safeguards to keep your money safe, bitcoins really are much more like cash in a wallet. Much easier to steal, impossible to recover, and much less likely to be detected and prosecuted. Couple that with the fact that most underground services are paid for using bitcoin (meaning the threat actors are both savvy with bitcoins, and have lots of things to spend their bitcoins on) makes bitcoins a very tempting target for theft.”