BitcoinIRA Security Flaw Allows Hacker to Take Over User Accounts

An alleged security flaw in BitcoinIRA allows hackers to take over user accounts, posing a big risk to account holders of the platform.

By Marco Rizal - Editor, Journalist
Last updated: August 21, 2024 10:00 am

A newly discovered vulnerability has appeared on a hidden online marketplace, reportedly with the ability to gain control of accounts on the BitcoinIRA platform.

The individual known as “notJoshi” claims to have discovered a significant vulnerability in the BitcoinIRA system.

According to notJoshi, this vulnerability makes it possible for hackers to easily reset the password of any account to a password of their choosing.

In addition, this vulnerability allows for the sending of BitcoinIRA emails that appear to be official, making it extremely difficult for users to determine if the messages are legitimate.

What is BitcoinIRA? It is a leading crypto IRA platform that offers customers the opportunity to buy Bitcoin and other digital assets for their retirement accounts through a user-friendly self-trading platform that is available 24/7.

This vulnerability puts all BitcoinIRA accounts at risk, because the threat actor can change the password of any account they choose.

Demo video shared by the threat actor

The zero-day vulnerability is being sold at a price of $6,000. The listing does not make clear whether payment is to be made in cryptocurrency or through escrow.

As a way to illustrate the seriousness of the vulnerability, notJoshi has also shared a proof of concept (POC) video.

This video demonstrates the exploit in action, illustrating how a few lines of code can be used to easily initiate a password reset for any BitcoinIRA account.

The POC reveals a straightforward process: by entering certain codes, the hacker can initiate a password reset request for a specific account.

Proof of concept shared by the threat actor:

Instead of sending the reset email to the account's registered email address, the request is redirected to the hacker's email.

The attacker can change the victim's password without having to access their email account.

After the password is reset, the hacker can easily gain complete access to the targeted BitcoinIRA account, which poses a serious risk to the account holder's assets.

Because of this flaw, cybercriminals may target numerous high-balance accounts on the platform, which manages cryptocurrency retirement accounts.

Does this vulnerability have the ability to bypass 2FA?

We are not certain whether the vulnerability affects users who have two-factor authentication (2FA) enabled on their accounts.

Even if cybercriminals manage to change the password, they may still be unable to bypass the second barrier. However, there are certain platforms where changing your password results in immediate login.

Lastly, as the vulnerability focuses on the email features of the platform, attackers can exploit this by sending threatening messages from the BitcoinIRA email address.

By posing as legitimate support, hackers can deceive users into granting them access to their accounts.

We highly encourage users to set up 2FA when using the mentioned platform in order to protect their funds from potential theft.
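For platform developers, the two weaknesses discussed above (a reset email that goes somewhere other than the registered address, and a password change that logs the user straight in) map to a reset flow like the following. This is an added defensive sketch, not code from BitcoinIRA or from the seller's proof of concept; the article does not say how the redirect works, so the service, the function names, the `supplied_email` parameter and the sample account are all hypothetical, and `totp_ok` stands in for a verified second-factor code.

```python
import hashlib, hmac, secrets, time

def hash_pw(pw, salt):
    return hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, 100_000)

# Constructed sample data; a real service uses its user database and mailer.
SALT = b"constructed-salt"
ACCOUNTS = {"alice": {"email": "alice@example.com", "totp_enabled": True,
                      "salt": SALT, "pw_hash": hash_pw("old-password", SALT)}}
RESET_TOKENS = {}  # sha256(token) -> (username, expiry)
OUTBOX = []        # stand-in for the mail gateway: (recipient, token)
ALERTS = []        # security events for monitoring

def request_reset(username, supplied_email=None, now=None):
    """Start a reset; the recipient is always the address on file."""
    now = time.time() if now is None else now
    acct = ACCOUNTS.get(username)
    if acct is None:
        return "ok"  # identical reply for unknown users (no enumeration)
    if supplied_email and supplied_email.lower() != acct["email"]:
        # A recipient from the request is never honoured, only logged.
        ALERTS.append(("reset_recipient_mismatch", username, supplied_email))
    token = secrets.token_urlsafe(32)
    digest = hashlib.sha256(token.encode()).hexdigest()
    RESET_TOKENS[digest] = (username, now + 900)  # 15 minutes, single use
    OUTBOX.append((acct["email"], token))
    return "ok"

def complete_reset(token, new_password, now=None):
    """Consume the token and set the password; no session is created."""
    now = time.time() if now is None else now
    entry = RESET_TOKENS.pop(hashlib.sha256(token.encode()).hexdigest(), None)
    if entry is None or entry[1] < now:
        return False
    acct = ACCOUNTS[entry[0]]
    acct["pw_hash"] = hash_pw(new_password, acct["salt"])
    return True

def login(username, password, totp_ok=False):
    """A correct password alone is not enough when 2FA is enrolled."""
    acct = ACCOUNTS.get(username)
    if acct is None:
        return "denied"
    if not hmac.compare_digest(acct["pw_hash"], hash_pw(password, acct["salt"])):
        return "denied"
    if acct["totp_enabled"] and not totp_ok:
        return "2fa_required"
    return "session"
```

The `reset_recipient_mismatch` events are also a useful detection signal: a burst of them across many usernames points to someone probing the reset endpoint.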
