Reddit’s Third-Party Password Reset System Hack Affects “Less than 20” Bitcoin Cash Users

Earlier this week, the Bitcoin Cash community woke up to a rather nasty and unexpected surprise. Someone – or a group of people – had successfully compromised Reddit’s email provider. As a result, the assailant(s) managed to obtain an unspecified amount of Bitcoin Cash from multiple Reddit accounts. These balances were associated with the Bitcoin Cash tip bot, which has become rather popular over the past few weeks. More information regarding this incident came to light over the weekend.

Reddit Hack Impacts Bitcoin Cash Tips

It is never good to see the Reddit platform be affected by a major hack. Unlike what most people expected, it seems this particular attack was directed entirely at the Bitcoin Cash community. Ever since this hard fork came to market, there has been a lot of interest in obtaining BCH. Moreover, the currency’s value has also soared, making it one of the top 5 cryptocurrencies ranked by market cap. It was evident that this popular currency would eventually attract the attention of cybercriminals.

One such attack took place earlier this week. According to an internal Reddit investigation, a hacker – or group of hackers – successfully breached the platform’s third-party password reset system. This, in turn, gave the assailant(s) access to individual Reddit accounts. It is important to note the hacker never gained access to Reddit’s systems or to Reddit users’ email accounts. However, they did access Reddit accounts, especially those who had recently received Bitcoin Cash tips.

For the time being, it remains unclear how many user accounts were affected. According to Reddit, the attack was limited to “less than 20” users, even though an attack like this one would have never taken place if its third-party service provider hadn’t been compromised. When account owners found out their passwords had been reset without their knowledge, it quickly became clear that something was amiss. Unfortunately, they also noticed that their Bitcoin Cash tip balances were gone altogether.

Incidents like these need to be taken very seriously. Some people may dismiss them as a problem affecting a fringe group of users and claim cryptocurrencies should be avoided. At the same time, an incident like this one could easily have affected any other group of Reddit users, and the consequences could have been a lot worse. It is evident this specific attack was directed against the Bitcoin Cash community, although no one knows for sure who is responsible.

All of this goes to show that reliance on third-party service providers is a very big problem. While it is understandable that Reddit can’t do everything on its own, its partnership with Mailgun has taken a big hit due to this hack. Cybersecurity is still a very pressing problem, even in the year 2018. We can only hope companies will step up their game moving forward, even though cybercriminals are always thinking five steps ahead.

Moreover, it is still unclear how much Bitcoin Cash was stolen. Considering that less than two dozen accounts were affected, it is evident this attack wasn’t as successful as it could have been. Whether or not any of the affected users will ever be reimbursed is highly unlikely at this time. Rest assured this is not the last time criminals will attack cryptocurrency enthusiasts in one way or another.