It would appear as if someone is deliberately trying to breach BTC-E user accounts as of right now. Various reports have surfaced regarding users receiving various emails asking them to reset the password due to failed login attempts from foreign IPs. Users who have two-factor authentication enabled have nothing to worry about, yet it is a big issue that needs to be resolved.
BTC-E Users Are Being Targeted
It is not uncommon for criminals to try and access exchange accounts belonging to bitcoin users. Most of these attempts are ultimately unsuccessful, though, assuming the user has taken the necessary precautions in the first place. Just using a password without additional security is never an advisable course of action, especially not in the world of bitcoin and cryptocurrency.
Right now, it appears as if BTC-E is the target of choice for criminals. Various users received emails regarding failed login attempts from a foreign IP address. It is unclear who is behind this attack, although it is possible these login attempts are executed by automated software. Someone is looking to empty some BTC-E user account balances during this turbulent time, which poses a grave risk.
For those people who missed the news, BTC-E is one of the many platforms halting USD deposits a few days ago. The company relies on Taiwanese bank accounts for parts of its operations, which has now become a liability rather than an asset. Since a lot of people may have funds stored on BTC-E – or even forgotten they have an account there – it is becoming a honeypot that will attract criminals from all over the world. Anyone who uses 2FA on their BTC-E account will be safe from harm, yet those who have not added said security may find themselves in a bit of a pickle.
What is rather interesting see how a lot of these “victims” are former Mt. Gox users. Using the same email address for multiple bitcoin services is never a good idea, as it allows criminals to target old mailing lists. It appears over half of the people receiving BTC-E password reset emails were former Mt. Gox users. Some emails are also sent out in Russian, although that doesn’t have to mean anything in particular.
It is certainly worrisome to learn some people may have reused their Mt. Gox username and password on BTC-E and other platforms. Every bitcoin-related service should have its own unique login – or email address – and associated password. Moreover, the people who reuse credentials should be among the first to enable two-factor authentication. It will be interesting to see if people lose money on BTC-E due to their own carelessness.
Header image courtesy of Shutterstock