Stories
Slash Boxes
Comments

SoylentNews is people

SoylentNews is powered by your submissions, so send in your scoop. Only 14 submissions in the queue.

Home Owner Loses $250K in PEXA Conveyancing Hack

posted by Fnord666 on Thursday July 05 2018, @03:31AM   Printer-friendly
from the put-it-in-the-cloud-what-could-go-wrong dept.

An Anonymous Coward writes:

For a long time in Australia when you purchased property you had to visit the local Land Titles office or local equivalent to pay your stamp duty and get paperwork done. Recently several state governments decided to outsource this critical function to a private company, the Property Exchange Australia - PEXA. It was seen as a win-win with a private company taking over storing and maintaining land titles and the State Governments getting a kick back for it. Until it all went wrong recently when $250,000 was stolen from a PEXA conveyancer's account.

The victim of the hack was Dani Venn, who is well known for being on the local version of Masterchef. PEXA has claimed no responsibility for the loss and with the PEXA system soon to be made mandatory in NSW, Victoria and Western Australia, many people are concerned that the system is not secure and should not be used for title or money transfers. While the Commonwealth Bank was able to freeze and recover 138K of the funds, 110K is still missing leaving Ms Venn in the lurch. PEXA has claimed to be taking action to secure the service.

While PEXA has claimed that their online system will be of benefit to lawyers, sellers, buyers and real estate agents, the reality of moving data out of offline systems to internet based servers may very well have just created the sweetest honeypot ever seen online in Australia.

Original Submission

 
This discussion has been archived. No new comments can be posted.
Home Owner Loses $250K in PEXA Conveyancing Hack | Log In/Create an Account | Top | 33 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 1) by anubi on Thursday July 05 2018, @05:59AM (2 children)

    by anubi (2828) on Thursday July 05 2018, @05:59AM (#702866) Journal

    Here's another nasty one... it just sits and waits for you to copypasta a bitcoin address...

    Then sends the contents of the clipboard home, and they proceed to empty your wallet.

    Clipboard HiJacker [firstorderhistorians.com]

    --
    "Prove all things; hold fast that which is good." [KJV: I Thessalonians 5:21]

  • (Score: 4, Informative) by qzm on Thursday July 05 2018, @06:18AM (1 child)

    by qzm (3260) on Thursday July 05 2018, @06:18AM (#702871)

    No, they dont.
    And it would be a bit useless, since bitcoin wallet addresses are usually quite public (which is kind of the point).

    What these things do it recognize a bitcoin wallet address, and substitute another address they know of.
    Hence you end up pasting their address instead of your own, they hope you dont notice, and that you (or someone else) then sends bitcoins there.

    Rather smart, really. In a 'ffs thats not good' kind of way.

    • (Score: 1) by anubi on Thursday July 05 2018, @06:35AM

      by anubi (2828) on Thursday July 05 2018, @06:35AM (#702882) Journal

      Thanks for the FTFY.... I remembered seeing that, but did not really understand how they were doing it.

      --
      "Prove all things; hold fast that which is good." [KJV: I Thessalonians 5:21]