UPDATED 20:14 EST / AUGUST 16 2015

Storm cloud NEWS

Team Fortress 2 trading site Dispenser.tf hacked, bitcoins stolen

Earlier this week, popular Team Fortress 2 item trading forum and website Dispenser.tf was taken offline due to hackers compromising the site, which led to the theft of 100 bitcoins (approximately $26,000 USD.)

The sites owner, posting as Joto, went to Valve Corporation’s Steam community forums to explain:

At around 9:00pm (GMT+8), there was [unauthorized] access of our admin interface and about 100 BTC were stolen (in which about 60 belongs to us). The BTC is sent to the hacker’s address 1Pjb2vHTussuYjYf7mZL68LU41U6WVpTAj . We have temporarily take down the site to investigate the issue. We will restart the site as soon as possible.

We are deeply sorry about this unfortunate event. We will try our best to recover from this.

The attack occurred last week, Wednesday, August 12, which is the same day as the post on the Steam community forums.

According to Joto, one of the administrators of the site, believes that the password belonging to his partner, Cara, was stolen. The attacker had logged into Cara’s Google account as evidenced by access from an unknown IP address. Joto mentions this was his “careless mistake,” referring to the fact that the 100 BTC stolen had remained in the site’s hot wallet and had not been moved to a cold wallet.

Joto and Cara are listed as the primary contacts for traders looking for traders on the site and, according to the text of the site, it appears to be hosted in Hong Kong. The Whois records for the domain, however, have it through a registrar in France and the site is anonymized and protected by the DDoS protection service CloudFlare.

The website hosted a trading forum used to facilitate the trade of items form Valve’s wildly popular team-based first person shooter video game, Team Fortress 2. The game is best known for Valve’s decision to offer cosmetic items for a cost, jokingly known as “the hat economy” of TF2, which has led Valve in showing how much money can be made simply selling virtual items. In 2011 an analyst pegged that revenue at over $50 million.

Tapping into this market, Dispenser.tf—the .tf domain is the country code for the Territory of the French Southern and Antarctic Lands, but it also is the initials of Team Fortress—provided a marketplace for players to buy and sell virtual items in Valve’s game outside of the usual channels.

It’s unknown how much money passed through Dispenser.tf before it was shut down due to this hack; but even if it was a fraction of what Valve sees, it could get considerable, this likely made the site a tasty target for hackers looking for a way in.

The website admins started looking into accepting bitcoin via Dispinser.tf in 2014 and implanted it fairly shortly thereafter. Joto’s discussion on adding bitcoin can be read (Google cache link) in March 2014 about testing a potential system. Security is also discussed.

Perhaps Joto and Cara could have taken a card from their own users on security to have prevented this heist.

Image credit: via Pixabay

A message from John Furrier, co-founder of SiliconANGLE:

Your vote of support is important to us and it helps us keep the content FREE.

One click below supports our mission to provide free, deep, and relevant content.  

Join our community on YouTube

Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.

“TheCUBE is an important partner to the industry. You guys really are a part of our events and we really appreciate you coming and I know people appreciate the content you create as well” – Andy Jassy

THANK YOU