Doge Vault hack exposes user passwords, wallet data

Doge Vault hack exposes user passwords, wallet data

Summary: In last week's hack of Doge Vault, hackers not only stole Dogecoin, but exposed user account data.

SHARE:
TOPICS: Tech Industry
0
Screen Shot 2014-05-19 at 08.42.34

Doge Vault is yet another casualty of cyberattacks resulting in the theft of cryptocurrency, but details have emerged that suggest the situation is worse than previously believed.

This month, Dogecoin storage system Doge Vault closed its doors, and users reported that Dogecoin was vanishing in the hundreds of thousands from hot wallets. The website stated that the service was "compromised by attackers" which resulted in "service disruption and tampering with wallet funds," and as a result, service was temporarily stopped until the situation was fully investigated.

In an announcement on its website Thursday, Doge Vault admitted that hackers infiltrated the online wallet service on May 11. The security breach resulted in the theft of approximately 280 million Dogecoins out of a total balance of 400 million kept in the hot wallet. In total, 120 million Dogecoin have been recovered and "transferred to an address under our control," according to the cryptocurrency vault.

In total, approximately $55,000 in the cryptocurrency has been stolen.

"It is believed the attacker gained access to the node on which Doge Vault's virtual machines were stored, providing them with full access to our systems," Doge Vault stated. "It is likely our database was also exposed containing user account information; passwords were stored using a strong one-way hashing algorithm. All private keys for addresses are presumed compromised; please do not transfer any funds to Doge Vault addresses."

Read this

The dirge of Dogecoin: Cryptocurrency doomed to failure

The dirge of Dogecoin: Cryptocurrency doomed to failure

... and yet we still choose novelty over risk. Businesses take note: virtual currency can result in imaginary profit.

While passwords were protected, the data can still be cracked and converted into plain text. As that will only be a matter of time, users should stop using their specific password on other websites as a matter of caution, and it is possible that Doge Vault users may become the target of tailored phishing attacks.

Doge Vault says that "every effort" will be made to refund users, and more information will be released once the investigation into the security breach is over.

Over the last few years, attacks on cryptocurrency exchanges and vaults have increased due to the lucrative rewards of breaching systems and making off with virtual funds.

This year's headline security breach took place at Mt. Gox, the once-dominant Bitcoin exchange that was forced to file for bankruptcy following the theft of 650,000 BTC worth hundreds of thousands of dollars. After Mt. Gox's demise, a number of other Bitcoin exchanges followed suit, including Flexcoin and Poloniex.

Topic: Tech Industry

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

0 comments
Log in or register to start the discussion