How a Reddit Email Vulnerability Led to Thousands in Stolen Bitcoin Cash

The exploit allowed hackers to request a password reset for a target account and then click the generated link without opening the email it had been sent in. How was this possible? Theories circulated, buoyed by posts on Hacker Noon and The Next Web. It was the r/bitcoin users out to cause trouble; Or was it a Reddit admin gone rogue?But this attack had incentive beyond ideology. What made the users of r/btc such a rich target was the deployment of a bot account called Tippr, which was used, among other things, to reward a particularly funny or insightful comment. By tagging someone and designating an amount, Tippr withdrew some BCH from your hotwallet and allocated it to the recipient. Given that Tippr is active on both Reddit and Twitter (where it provides its donation service for such heavyweights as the Tor Project), there was easy money to be had.

Source: How a Reddit Email Vulnerability Led to Thousands in Stolen Bitcoin Cash

Robin Edgar

Organisational Structures | Technology and Science | Military, IT and Lifestyle consultancy | Social, Broadcast & Cross Media | Flying aircraft

 robin@edgarbv.com  https://www.edgarbv.com