A security compromise at Linode, the New Jersey-based Linux cloud provider, has warned customers that hackers breached a Web-based customer service portal used by the company and emptied the Bitcoin accounts of eight Linode customers. One Linode customer reports the theft of Bitcoins totalling around $14,000.
In a post on the company blog Friday, Linode acknowledged the incident, which occurred early Wednesday, and said it had isolated the compromised support account, and that no customer credit card information or credentials were taken. However, the attackers appeared to have targeted a handful of Linode customers who used the service to host Bitcoin wallets, allowing them to pilfer thousands in virtual currency.
Linode did not immediately respond to a request for comment from Threatpost.
Bitcoin is a three year-old decentralized virtual cash system that relies on peer to peer networking, digital signatures and cryptographic proofs to trasact payments online. Bitcoins are the units of currency used in payments and are issued by the Bitcoin network.
In a blog post on the Web site bitcoinmedia.com, Marek Palatinus, a Linode customer from the Czech Republic said that a Bitcoin wallet he hosted on Linode was emptied of 3,000 Bitcoins early Thursday.
“Today I woke up to find my hot wallet on the backup server had all its coins stolen,” he wrote.
According to Palatinus and Linode, the attackers exploited a vulnerability in a customer support interface for the Linode Manager application and used it to steal credentials for a support representative. Those credentials were then used to compromise the accounts of select accounts who used Linode to support Bitcoin wallets. Other victims posted (unverified) statements online reporting Bitcoin losses of varying amounts. The Web site bitcoinica.com claimed that its Bitcoin wallet was emptied of 10,000 Bitcoins and asked its customers not to rely on any Bitcoin addresses previously used to fund their Bitcoinica accounts.
“We must assume that the thief has retained private keys associated with old Bitcoin deposit addresses. This would allow them to access any new Bitcoins sent to old deposit addresses,” the message read.
One Bitcoin trades for $4.87, according to the Website Exchangerates24.com.
The attack is just the latest to target Bitcoin users. In June, 2011, unknown hackers compromised Mt. Gox, a leading bitcoin exchange. That incident led to an almost immediate collapse of the online currency. At the time, Bitcoins were trading at around $17 to the Bitcoin. In another inciden, a thief compromised a Windows computer and stole 25,000 Bitcoins, valued at the time at around $500,000.
In September, 2011, a forum used by the Bitcoin community and made off with e-mail adresses and hashed passwords for its participants. There have also been reports of malicious Trojan horse programs being used to help created botnets that can be harnessed to mine bitcoins.
In its statement, Linode said that it “remains committed to ensuring the safety and security of our customers’ accounts.” The company “will be reviewing our policies and procedures to prevent this from ever recurring.”