The folks at Coindesk are reporting a fascinating phishing attack on leaked list of auction participants for the Silk Road bitcoins. The list, which appeared after a member of the US Marshals failed to use BCC, identified all the parties attempting to bid on the bitcoin seized during a raid on the Silk Road marketplace.
It has been a useful tool for scammers.
In this case the thieves sent a set of interview questions to the participants while masquerading as Bitfilm Productions. When participants opened the message, it forwarded them to a bogus email login page which captured logins and passwords.
One company, Bitcoin Reserve was hardest hit. After logging in to read the document, the hackers used CTO Jim Chen’s email login to forward requests to members of the staff to send bitcoin to a certain wallet. The team sent 100 bitcoin to the wallet before the scam was uncovered. The WSJ has more details.
Given the irreversible nature of bitcoin transactions I’d expect these scams to happen more and more often, which could be an interesting problem for a startup to solve. Also always check your URLs, folks.