Hackers Exploit Reddit’s Email Vulnerability To Steal Bitcoin Cash

Three weeks ago, as many as 20 Reddit users who were part of the r/btc group supporting Bitcoin Cash (BCH) lost the holdings in their hot wallets. The total amount lost was estimated to be between $2,000 and $4,000. An investigation into the theft revealed the novel tactics employed by hackers to steal Bitcoin Cash.
The hacking of BCH hot wallets was accomplished by misusing the tipping facility provided on the social news aggregation site. The tipping process is handled by a bot named Tippr. Once a Reddit member sets the desired amount for donation and activates the facility, Tippr withdraws it from the donor's hot wallet and sends it to the recipient.
The hacker took advantage of a vulnerability in the third-party email functionality, provided by Mailgun, to initiate a password reset of the Reddit account. Even users with two-factor authentication were unable to escape the attack. More importantly, users did not receive any kind of alert about suspicious activity in their emails.
Reddit blamed Mailgun for the incident, which resulted in the loss of Bitcoin Cash from the hot wallet. Mailgun accepted fault, but said customer payment information was not compromised in any way. Reddit engineer gooeyblob said:
“A malicious actor targeted Mailgun and gained access to Reddit’s password reset emails. The nature of the exploit meant that an unauthorized person was able to access the contents of the reset email. This individual did not have access to either Reddit’s system or to a Redditor’s email account. As an immediate precautionary measure, we moved reset emails to an in-house mail server.”
Josh Odom, Mailgun's CTO, guaranteed that the point of access exploited by the hackers has been closed. Odom also said that additional security measures have been employed to safeguard users’ data.
Odom said:
“Mailgun has now completed its diagnostic of accounts that were affected and has notified each of the affected users. At this time, we believe less than one percent of our customer base was potentially affected.”
Reddit has also disabled the Tippr bot temporarily. Ironically, Bitcoin supporters and even the administrator of Reddit were blamed for the incident before software engineers identified the manner in which the hacker gained access to the hot wallet.
This is not the first time such an incident has happened. A few years back, Dogecoin wallets were hacked, leading to a loss of about 21 million coins. However, the Doge community joined hands to raise money for victims.