The stock hackers again came "breaking" ...

or another bitcoin exchange hacked.

“ Day of the dough ” continues

So, this time the hackers fell victim to the BTC-E exchange. The admin of the exchange turned out to be stingy with comments and there was no event on the site’s news, but I had the opportunity to watch the events unfolding.

Everyone (except, of course, the hacker himself) was surprised by the sharp rise of the Bitcoin rate on one BTC-E exchange. It rose to $ 40 for 1 BTC, and went higher, reaching $ 80. This caused a shock reaction of people (see the screenshot ), some particularly risky even managed to sell their darling BTC for expensive, and then buy it again on the cheap. The hacking method is not exactly clear yet, but most agree that this is getting limited access to the database through banal SQL injection and creating fake LibertyReserve USD on a hacker account, followed by buying up bitcoins and outputting them. This explains such a rapid rise, because The attacker bought absolutely everything (BTC, LTC, etc.) at any price.


')
BitInstant assures that their reserves are not affected. The developers of BTC-E also assure that only “they [hackers] brought out only a small amount of BTC. They made a fake deposit of LibertyReserve-dollars, bought BTC and brought them out. Now we are rolling back trading on the exchange. ”
The exchange was turned off until 14:00 Moscow time.

The amount of theft can be judged from data from bitcoincharts.com, which show (UPD: they have already removed this data), which in total for the time of the hack was about 55 thousand BTC.
Of course, it’s not a fact that they managed to withdraw all this money (it would be surprising if BTC-E kept them all in a hot wallet), but anyway the volume is impressive.

UPD: Just a few minutes ago, an official comment finally appeared, in which it was written that the hacking occurred through the compromise of the interface's secret key with LibertyReserve and approximately 4,500 BTC were stolen.
Questions nevertheless still arise, since
a) it is not very easy to pick a 16-character key with brute-force, to put it mildly, and
b) in addition to the secret key, you also need to know the name of the LibertyReserve API, without knowing which nothing happens.

Still, they keep back something.

By the way, that is why many exchanges (including icbit ) do not work directly with LibertyReserve, but use proven intermediaries who have been exclusively involved in depositing and withdrawing funds in various currencies for many years.