(2013)

Inputs.io

1000 BTC
image-right

Year

2013

Network

Bitcoin

Country

Founder

Incident Name

Inputs.io Hack

Effect

Two attacks totaling about 4100 BTC have left Inputs.io unable to take care of users’ balances

Outcome

The website is making an attempt to pay back its clients who had more than 1 BTC from its own account and also from the coins they had in “cold storage” – an electronic wallet which was not connected to the net

Type

Phishing Attack with Server-Side Security Bypass

Money Impact

Loss in 2013: $1.2 million

Causes

The attacker compromised the hosting account through compromising email accounts. The attacker was able to bypass 2FA due to a flaw on the server host side

Affected user/account

Recovery Efforts

Limited recovery efforts were made. Users with large balances received partial compensation.

Regulatory Response

TradeFortress expressed regret but offered limited explanation or compensation.

Market Impact

Loss in 2013: $1.2 million

Technological Details

Investigation Details

Insurance Coverage

Public Relations Response

Lesson Learned

Importance of robust email security practices (2FA, strong passwords), vulnerability of hot wallet storage, need for transparency and communication during security incidents.

Ownership Transfer TX

Incident Review

In November 2013, Inputs.io, a popular Bitcoin wallet service at the time, suffered a major hack. This incident significantly impacted the fledgling cryptocurrency ecosystem, raising concerns about security and highlighting the vulnerability of early adopters.

Background and Incident Details:

Inputs.io offered online storage for Bitcoin holdings, promising a user-friendly interface and secure transactions. However, security measures proved inadequate. Hackers exploited two key vulnerabilities:

Compromised Email Accounts: Attackers gained access to user email accounts, likely through techniques like phishing. These emails, some of them old and lacking strong authentication (2FA), were used to reset passwords and gain access to the Inputs.io hosting account.

Server-Side 2FA Bypass: Even though Inputs.io offered two-factor authentication, a flaw on the server-side allowed hackers to bypass this security measure.

Impact Analysis:

The hack resulted in the theft of approximately 4,100 Bitcoins, valued at over $1 million at the time. This represented a significant loss for Inputs.io, forcing it to shut down permanently.

The immediate impact included:

Loss of User Trust: The incident shattered user trust in Inputs.io, highlighting the risks associated with online cryptocurrency storage.

Market Uncertainty: The hack contributed to a period of uncertainty in the young cryptocurrency market, raising concerns about the overall security of Bitcoin.

Response and Resolution:

Inputs.io had limited options due to the severity of the hack.

Shutdown and Communication: The service shut down and informed users about the incident.

Limited Reimbursement: Attempts were made to partially reimburse users with significant holdings from remaining company funds.

Law Enforcement: Due to the nascent nature of cryptocurrency regulation, limited law enforcement action was likely taken.

Security and Compliance:

The hack exposed critical security shortcomings at Inputs.io:

Weak Email Account Security: The lack of strong authentication on user email accounts proved to be a major vulnerability.

Insufficient Server-Side Security: The server-side 2FA bypass exposed a critical security flaw that should have been addressed.

Broader Implications for the Cryptocurrency Community:

The Inputs.io hack served as a wake-up call for the cryptocurrency community, prompting changes in industry practices:

Enhanced Security Measures: Exchanges and wallet services prioritized robust security measures, including stricter password protocols and improved server-side security.

Focus on Cold Storage: The importance of cold storage, keeping Bitcoin offline, gained traction to minimize online theft risks.

Conclusion:

The Inputs.io hack highlighted the vulnerabilities of early cryptocurrency platforms. Lessons learned include:

The importance of robust security measures across the entire infrastructure, including user accounts and server-side operations.

The need for user education on strong password hygiene and account security.

The potential role of regulation in setting security standards for cryptocurrency businesses.

Additional Insights:

Security experts emphasize the importance of ongoing vigilance in the evolving threat landscape. By adopting best practices and fostering user awareness, the cryptocurrency community can build a more secure and trusted future.

Links

https://cointelegraph.com/news/bitcoin_website_inputs_io_lost_1m_when_hackers_attacked_two_times, https://99bitcoins.com/bitcoin-wallet-service-inputs-io-hacked-by-thief-who-stole-4100-btc/

UEEx makes trading easier

Join the official Telegram Channel

©2024, UEEx All Rights Reserved FINTRAC Registered