UPDATED 11:07 EDT / SEPTEMBER 12 2011


Forum User Passwords Possibly Stolen In Bitcointalk.org Bill Cosby Hack

Yesterday, Bitcoin enthusiast discussion forum Bitcointalk.org announced that an intruder compromised their forum software and may have had access to the password hashes, but the intruder seemed a lot more interested in plastering Bill Cosby all over the site in a forum prank. The attack happened on September 3, 2011, so if the attacker has the passwords, they have been in the wild for nine days. Anyone who uses the forum should change their current password as soon as possible.

According to the announcement, the forum is running an older version of Simple Machines Forum software. While the 1.x tree is still supported, the 2.x tree has been released and Bitcointalk.org has not yet upgraded to it. The announcement claims the exploit was a 0-day bug, meaning that it had only just been discovered and had not yet been patched; however, it’s difficult to determine what the SMF community knows about the bug, as most development effort is going into the 2.x tree. The exploit could have allowed the attacker to run arbitrary PHP code, which would have given him/her access to the file system and database (and therefore the password hashes).

Fortunately, Bitcointalk.org stores passwords as cryptographic hashes, meaning that cleartext passwords would not have been leaked to the attacker. Given enough time and energy, a determined attacker can still crack the hashes to recover the passwords; but using hashes is still an excellent practice that gives site operators and forum users enough time to change them, which helps reduce the damage from a password leak.

“The attacker first paid for a donator account so he could change his displayed username. The displayed username field is not escaped properly, so he was able to inject SQL from there,” wrote theymos of Bitcointalk.org. “He took over Satoshi’s account, and from Satoshi’s administrative interface he was able to inject arbitrary PHP code by modifying the style template.”

The hacker introduced some annoying JavaScript to the entire site, suggesting the hack was more of a prank. The JavaScript generated Bill Cosby related pop-ups, offered to change Bitcoins into Cosbycoins, simulated uploading wallet.dat, and changed some avatars to the image of Bill Cosby. It’s hard to tell from this whether the hacker also engaged in more malicious activity, but it certainly looks like they had a lot of fun with the site after they broke in.

Bitcoin establishments have been intermittently hit by hackers as the newly popular cryptocurrency has drawn media attention. The hack of MtGox and the subsequent crash has led the largest bitcoin exchange to take a new tack in its own security. Also, as the popularity of the currency increases, scammers will continue to attempt to take advantage of it by phishing people’s accounts. An attacker stealing passwords and impersonating well-known people could easily do just that.

Don’t reuse login credentials (no two username/password pairs alike), and make sure you change your Bitcointalk.org password as soon as possible. The attacker may not be savvy enough to crack the hashes, but if s/he has them, they might be lucrative to someone who can.

