Where there are bitcoins, there will be hackers, no matter who happens to own the digital cash. Recently, a hacker targeted several accounts associated with the Free Ross defense fund, Bitcoin.com reports.
“Friends, we are sad to inform you that we have been a target of a terrible hack. Please do not make any donations to Free Ross at this time,” the group wrote in a Facebook post recently. Free Ross is a campaign centered around raising funds for the defense of Ross Ulbricht, who was sentenced to life in prison for running the Silk Road drug marketplace in 2015. His defense team is currently appealing the sentence.
The hacker successfully compromised Free Ross’ email, PayPal, Twitter, and bitcoin accounts, according to the Facebook post.
Roger Ver, a bitcoin investor and fervent supporter of Free Ross, said in a Reddit post that the hacker had approached him.
“The hacker messaged me on Twitter DM this morning pretending to be Lyn [Ross’ mother]. I knew right away that it wasn’t her due to the horrible English. Whoever the hackers are, they aren’t native English speakers,” he wrote.
Ver also implied that the hackers may have targeted Free Ross’ cell phone account in order to bypass two-factor-authentication on the group’s online accounts.
“This is a prime example of why SMS based 2FA isn’t much better than having no 2FA at all,” he wrote on Reddit. Hackers can sometimes trick a phone company into routing calls and text messages to another SIM card under their control, including texts containing verification codes for logging into, say, Twitter.
Since 2014, the Free Ross bitcoin wallet has received around 913 bitcoin ($829,000 at today’s exchange rate), according to blockchain records. The group has held several fundraising campaigns, including asking for donations to reveal Ross’ artwork bit-by-bit.
But according to the Free Ross campaign, the hacker didn’t manage to steal any funds from either the Free Ross bitcoin wallet or PayPal account.
“We can keep fighting for Ross full out,” Free Ross wrote in a Facebook post last week. “Thank you to all of our friends who helped us fend off the hackers.” Judging by the blockchain someone did remove approximately 40 bitcoins ($35,000) around the time Free Ross announced the hack. Free Ross clarified to Motherboard in a Twitter message that some of those were to another account held by the campaign.
“Our PayPal account is secure and safe to donate through. Our bitcoin is safe, but we’re in the process of regaining access to the frozen account, so please wait to give bitcoin donations. We’ll announce when this is done,” Free Ross added.