Cyber Incident Victim: Bitcointalk.org

Date: May 2015

Location: United States of America

Summary

A Bitcoin exchange and the largest Bitcoin discussion forum experienced security breaches compromising user data. The forum's breach exposed nearly 500,000 users' personal information, including usernames, email addresses, passwords, birthdates, secret questions, and hashed secret answers. While 9% of compromised passwords used MD5 hashing with unique salts, 68% of which were successfully cracked, the remaining 91% employed the more secure sha256crypt hashing, for which cracking 60-70% of the passwords was estimated to take approximately one year. The incident highlighted significant differences in password storage security, with the majority of users benefiting from robust cryptographic protection despite the breach.

Description

In May 2015, Bitcointalk.org, recognized as the largest Bitcoin discussion forum globally, suffered a data breach compromising 499,593 user accounts. The attackers exfiltrated usernames, email addresses, passwords, birthdays, secret questions, hashed secret answers, and unspecified internal operational data. Forum administrators acknowledged the intrusion, though the specific intrusion vector and attacker identity remained undisclosed in available reporting. LeakedSource.com, a breach notification service, provided technical analysis of the exposed credentials. The breach represented a significant exposure of sensitive user information within the cryptocurrency community, given the forum’s prominence as a hub for technical discussions, market analysis, and project announcements. No evidence indicated direct financial theft from user accounts via this breach, unlike parallel compromises affecting cryptocurrency exchanges during the same period. The incident underscored persistent targeting of cryptocurrency infrastructure by malicious actors seeking both operational intelligence and credential datasets for potential reuse.

Analysis of the password storage practices revealed divergent security postures. Only 44,869 accounts (9% of breached users) employed MD5 hashing with unique salts for password protection. LeakedSource.com successfully cracked 30,389 (68%) of these MD5-hashed passwords, demonstrating the algorithm’s vulnerability to modern cracking techniques. The remaining 454,724 accounts (91%) utilized sha256crypt hashing, a substantially more robust method incorporating multiple iterations and salt. LeakedSource estimated that cracking 60-70% of these sha256crypt-protected passwords would take approximately one year, and acknowledged that this implementation exceeded the security standards observed in most contemporary breaches. The inclusion of hashed secret answers and birthdays further expanded potential attack surfaces, enabling targeted credential stuffing or social engineering against users employing similar security questions elsewhere. The breach’s impact extended beyond immediate credential compromise, exposing ancillary personal data that could facilitate identity theft or phishing campaigns tailored to cryptocurrency enthusiasts.