One of the most popular virtual meeting points for Bitcoiners around the world has been hacked. BitcoinTalk.org was attacked this Wednesday (the 2nd) by a group calling itself “The Hole Seekers”.

According to users who shared information here, and as also reported by the website Cryptolife, the forum played an apparently harmless Flash animation to visitors. The platform has since been taken offline until the consequences of the attack are reversed.

Although the attack didn’t look malicious at first sight, it can be a tricky problem to solve. Cryptolife has published an update from ‘theymos’ (also shared on Bitcoin’s subreddit):

It’s unfortunately worse than I thought. There’s a good chance that the attacker(s) could have executed arbitrary PHP code and therefore could have accessed the database, but I’m not sure yet how difficult this would be. I’m sending out a mass mailing to all forum users about this.

Summary: The forum will be down for a while. Backups exist and are held by several people. It’s unknown whether or not any user data was compromised. At this time I feel that password hashes were probably not compromised, but I can’t say for sure. If you used the same password on bitcointalk.org as on other sites, you may want to change your passwords. Passwords are hashed using sha256crypt with 7500 rounds (very strong). The JavaScript that was injected into bitcointalk.org seems harmless.

Here’s what I know: the attacker injected some code into $modSettings['news'] (the news at the top of pages). Updating news is normally logged, but this action was not logged, so the update was probably done in some roundabout way, not by compromising an admin account or otherwise “legitimately” making the change. Probably, part of SMF related to news-updating or modSettings is flawed. Possibly, the attacker was somehow able to modify the modSettings cache in /tmp or the database directly.

Also, the attacker was able to upload a PHP script and some other files to the avatars directory.

Figuring out the specifics is probably beyond my skills, so 50 BTC to the first person who tells me how this was done. (You have to convince me that your flaw was the one actually used).

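The two symptoms theymos describes above (non-image files appearing in the avatars directory, and markup injected into the `news` setting) are the kind of thing a forum admin can audit mechanically. The following is an added example, not code from the article or from SMF: it checks uploaded avatar files by their magic bytes rather than their extension, and flags a news string containing tags that a plain text/HTML announcement should never carry. The file names and the sample news strings are constructed for the demonstration.

```python
import re
import tempfile
from pathlib import Path

# Magic bytes for the image formats an avatar directory should contain.
IMAGE_MAGIC = (b"\xff\xd8\xff", b"\x89PNG\r\n\x1a\n", b"GIF87a", b"GIF89a")

# Tags that have no place in a forum news string; the hack described on the
# page used a Flash animation plus injected JavaScript, i.e. object/embed/script.
INJECTED_TAG = re.compile(r"<\s*(script|object|embed|iframe)\b", re.IGNORECASE)


def is_image(head: bytes) -> bool:
    """True if the first bytes match a known image signature."""
    return any(head.startswith(magic) for magic in IMAGE_MAGIC)


def suspicious_avatar_files(avatar_dir: Path) -> list[str]:
    """Names of files in the avatar directory that are not real images.
    The check ignores the extension, so a PHP file renamed to .gif is flagged."""
    bad = []
    for p in sorted(avatar_dir.iterdir()):
        if p.is_file() and not is_image(p.read_bytes()[:8]):
            bad.append(p.name)
    return bad


def news_is_clean(news_value: str) -> bool:
    """False if the $modSettings['news'] value carries an injected tag."""
    return INJECTED_TAG.search(news_value) is None


def build_sample_dir() -> Path:
    """Constructed sample: two real images, one .php file, one PHP file
    disguised with a .gif extension (hypothetical names, harmless contents)."""
    d = Path(tempfile.mkdtemp())
    (d / "user1.png").write_bytes(b"\x89PNG\r\n\x1a\n" + b"\x00" * 16)
    (d / "user2.jpg").write_bytes(b"\xff\xd8\xff\xe0" + b"\x00" * 16)
    (d / "shell.php").write_bytes(b"<?php echo 'constructed sample'; ?>")
    (d / "avatar.gif").write_bytes(b"<?php echo 'disguised sample'; ?>")
    return d


if __name__ == "__main__":
    print("suspicious avatars:", suspicious_avatar_files(build_sample_dir()))
    print("news clean:", news_is_clean('<object data="x.swf"></object>'))
```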

According to ‘theymos’, the forum won’t go back up until he knows what happened for sure, “so it could be down for a while”. In the meantime, you can check a video that shows the hack here. There’s even music.

Maria Santos
Crypto Writer