Bitcoin Cash supporters were jubilant today after learning that their much-loved tippr bot was back, following a statement by Reddit that the security vulnerability behind the account hacks had been fixed.
“A malicious actor targeted Mailgun and gained access to Reddit’s password reset emails. The nature of the exploit meant that an unauthorized person was able to access the contents of the reset email. This individual did not have access to either Reddit’s systems or to a redditor’s email account,” a Reddit admin says.
Mailgun is an email automation service which apparently had an employee’s account compromised by an unauthorized user. How exactly that employee was compromised remains unclear, but Mailgun says:
“We immediately closed the point of access to the unauthorized user and deployed additional technical safeguards to further protect this sensitive portion of our application.”
There was speculation that the account hacks, mainly of Bitcoin Cash supporters, were an inside job by a Reddit employee, but it seems that an employee’s account at a third-party system was affected instead.
“As an immediate precautionary measure, we moved reset emails to an in-house mail server soon after we determined reset links were indeed being clicked without access to the user’s email, and before Mailgun had confirmed to us that they were vulnerable,” a Reddit admin says.
It remains unclear who was behind the hack or whether Reddit and Mailgun will pursue that line of investigation, with many pointing fingers at Bitcoin Core supporters because the r/btc subreddit was hacked to point to r/bitcoin. Accused of being too slow to react, a Reddit admin says:
“I’m confident in saying we reacted to this just about as quickly as possible. We went from first report at ~7 AM EST to identifying the source of the issue and switching to an in house system and therefore working around the vulnerability at around ~3 PM EST, on New Year’s Eve.
We waited a few more days to publicly disclose as we were waiting on Mailgun to finish their investigation and then for us to fully review logs to make sure we had the timeline correct and had the right idea about the impact, but during that time we were confident that our workaround would prevent any further impact to our users.”
The hacker may never be found, but Bitcoin Cash users now have their tip bot back and celebratory money was flowing today, with tips of $20 and as high as $100.
Tipping is the most visible way of showing just how cool BCH can be, as you can send money to anyone, even in very small amounts, for as good as no fee.
And now they can keep doing so, with BCH once more turning the other cheek when slapped by Bitcoin Core supporters, only to come back stronger, like a phoenix.