Amid a subsequent investigation conducted in partnership with Michael Perklin of Ledger Labs, a hacker contacted the exchange claiming to have purchased information, including the IP address of ShapeShift’s office and access details for the exchange’s admin interface, from that former employee.
Disclaimer: CoinDesk is a subsidiary of Digital Currency Group, which has an ownership stake in ShapeShift.
"Ledger Labs has worked with ShapeShift on new infrastructure for a vastly more secure platform going forward," Perklin told CoinDesk by email. "Even with internal sabotage from an employee, the company avoided any customer funds being lost."
According to the report, that employee stole $130,000 from ShapeShift in mid-March. The employee, who was not identified, later sold sensitive security information to an outside hacker after being fired from the exchange. Another $100,000 in funds denominated in bitcoin, ether and litecoin were stolen on 7th and 9th April.
ShapeShift has since moved to rebuild the service, and it says it expects to reopen by 20th April, or this Wednesday. In the wake of the attack, the exchange says it has implemented new security protocols, developed in partnership with Toronto-based consultancy Ledger Labs.
The report goes on highlight the steps taken by the hacker to obscure his or her tracks. It also details two conversations between the hacker and CEO Erik Voorhees, during which it was claimed that the employee had sold key security data .
Image via Shutterstock
Legal action in the form of a civil lawsuit has also been taken against the former employee, though ShapeShift declined to comment on where the suit has been filed, citing privacy reasons.
The report comes days after ShapeShift was taken offline following a then-undetailed security incident that resulted in the loss of funds held in the exchange’s connected wallets.
ShapeShift later said that it believed the theft was an inside job.
The full incident report can be found below.
Analysis would later show that two servers used to house the exchange were targeted in the incidents, though direct evidence of any intrusion appeared to be scrubbed by whoever was behind it.
According to the report, the first incident took place on 14th March, the company said, resulting in the loss of 315 BTC. It was soon established that a ShapeShift employee was behind the incident.
The exchange says it believes it can recover a “significant” amount of the lost funds.
The report stated:
The employee was fired the next day, ShapeShift told CoinDesk. Work was then begun on moving the service onto safer hardware.
“Since direct evidence of a specific attack vector was not found during the digital forensic investigation, an analysis of the available facts was performed to identify all possible attack vectors that fit the facts. It was noted that the attacker was not only able to compromise both infrastructures fairly quickly, but they were able to identify their IP addresses equally as fast.”
The exchange says it has improved its security procedures, including how it goes about transmitting secure information between employees and manages access to its servers. In the wake of the hack. ShapeShift has also moved to draft and put in place formal security policies.
Yet according to ShapeShift’s report, the thefts continued. On 7th April, 97 BTC, 3,600 ETH and 1,900 LTC in funds were stolen. Within two days of that theft, after the site was taken offline and steps were taken to beef up security, an additional 57 BTC and 2,200 ETH were taken.
Digital currency exchange ShapeShift lost as much as $230,000 in three separate thefts over the course of a month, according to an incident report prepared by the service and obtained by CoinDesk.
“To reiterate, no customer money was lost or at risk, and ShapeShift will be back online soon. Thank you to the community and our customers for your patience,” Voorhees said in a statement.
Coinbase Adds First Ethereum Token to Professional Trading Platform
Crypto exchange startup Coinbase is adding the 0x protocol token to its professional trading platform, Coinbase Pro.
Announced Thursday, the exchange said in a blog post that it had begun accepting
SpankChain Says Hacker Returned Stolen Crypto Funds
A hacker who stole 165.38 ETH from the SpankChain platform has returned the funds.
The payment platform focused on the adult industry announced Thursday that the hacker, who stole the funds from th
Korea's Largest Bitcoin Exchange Sells Stake in $350 Million Deal
Bithumb, currently the largest cryptocurrency exchange in South Korea by trading volume, just confirmed it has sold more than 38 percent of its total ownership to a blockchain consortium based in Sing
Nevada's Utilities Agency Eyes Blockchain for Energy Credit System
The Public Utilities Commission of Nevada, a government agency charged with supervising and regulating power utility services in the state, is looking to implement blockchain for its energy credit tra
Fake News Site Used New Zealand Prime Minister to Pump Bitcoin Startup
A fake news site has used the likeness of New Zealand Prime Minister Jacinda Ardern to promote articles on Facebook aimed to pump a crypto startup.
Local media source Stuff reported Friday that sev
FinCEN Blasts Iran's 'Malign' Use of Crypto to Bypass Economic Sanctions
A U.S. regulator is urging domestic exchanges to help prevent the Iranian regime from using cryptocurrency to bypass economic sanctions.
The Financial Crimes Enforcement Network (FinCEN) published
3 Bitcoin Price Factors That Suggest Bears Are in Charge
The prospect of a deeper drop in bitcoin prices has increased, price-volume analysis indicates.
The world's most valuable cryptocurrency, which had been trading sideways since September 22, fell sh
Leading Auction House Christie's to Record Art Sales on a Blockchain
London-based Christie's, one of the oldest and most noted art auction houses in the world, is turning to blockchain tech to securely store sales and provenance data.
The firm, which has a history g