Amid a subsequent investigation conducted in partnership with Michael Perklin of Ledger Labs, a hacker contacted the exchange claiming to have purchased information, including the IP address of ShapeShift’s office and access details for the exchange’s admin interface, from that former employee.
Disclaimer: CoinDesk is a subsidiary of Digital Currency Group, which has an ownership stake in ShapeShift.
"Ledger Labs has worked with ShapeShift on new infrastructure for a vastly more secure platform going forward," Perklin told CoinDesk by email. "Even with internal sabotage from an employee, the company avoided any customer funds being lost."
According to the report, that employee stole $130,000 from ShapeShift in mid-March. The employee, who was not identified, later sold sensitive security information to an outside hacker after being fired from the exchange. Another $100,000 in funds denominated in bitcoin, ether and litecoin were stolen on 7th and 9th April.
ShapeShift has since moved to rebuild the service, and it says it expects to reopen by 20th April, or this Wednesday. In the wake of the attack, the exchange says it has implemented new security protocols, developed in partnership with Toronto-based consultancy Ledger Labs.
The report goes on highlight the steps taken by the hacker to obscure his or her tracks. It also details two conversations between the hacker and CEO Erik Voorhees, during which it was claimed that the employee had sold key security data .
Image via Shutterstock
Legal action in the form of a civil lawsuit has also been taken against the former employee, though ShapeShift declined to comment on where the suit has been filed, citing privacy reasons.
The report comes days after ShapeShift was taken offline following a then-undetailed security incident that resulted in the loss of funds held in the exchange’s connected wallets.
ShapeShift later said that it believed the theft was an inside job.
The full incident report can be found below.
Analysis would later show that two servers used to house the exchange were targeted in the incidents, though direct evidence of any intrusion appeared to be scrubbed by whoever was behind it.
According to the report, the first incident took place on 14th March, the company said, resulting in the loss of 315 BTC. It was soon established that a ShapeShift employee was behind the incident.
The exchange says it believes it can recover a “significant” amount of the lost funds.
The report stated:
The employee was fired the next day, ShapeShift told CoinDesk. Work was then begun on moving the service onto safer hardware.
“Since direct evidence of a specific attack vector was not found during the digital forensic investigation, an analysis of the available facts was performed to identify all possible attack vectors that fit the facts. It was noted that the attacker was not only able to compromise both infrastructures fairly quickly, but they were able to identify their IP addresses equally as fast.”
The exchange says it has improved its security procedures, including how it goes about transmitting secure information between employees and manages access to its servers. In the wake of the hack. ShapeShift has also moved to draft and put in place formal security policies.
Yet according to ShapeShift’s report, the thefts continued. On 7th April, 97 BTC, 3,600 ETH and 1,900 LTC in funds were stolen. Within two days of that theft, after the site was taken offline and steps were taken to beef up security, an additional 57 BTC and 2,200 ETH were taken.
Digital currency exchange ShapeShift lost as much as $230,000 in three separate thefts over the course of a month, according to an incident report prepared by the service and obtained by CoinDesk.
“To reiterate, no customer money was lost or at risk, and ShapeShift will be back online soon. Thank you to the community and our customers for your patience,” Voorhees said in a statement.
Zedd, 3LAU and Big Sean: Tickets On Sale for First Blockchain Music Festival
Tickets for the first music festival set to be powered by blockchain technology are now on sale.
Scheduled for this fall, the Our Music Festival is launching its own virtual currency — the OMF toke
How Crypto Reacted to This Week's SEC Bitcoin ETF Delay
It was an expected result at an unexpected time.
The news broke on August 7 that the U.S. Securities and Exchange Commission (SEC) is kicking the can on its decision to approve or disapprove a prop
Microsoft Looks to Trusted Computing for Blockchain Security Boost
Two newly published patent applications from Microsoft suggest that the software giant is looking at the use of trusted execution environments, or TEEs, within its blockchain offerings.
Crypto Millionaire Lost 5,500 Bitcoins in Alleged Investment Scam
A 22-year-old cryptocurrency millionaire has lost more than 5,500 bitcoins in an alleged investment scam in Thailand – one that drew public attention due to the involvement of a local actor.
China's Communist Party Publishes Blockchain Tech 101
China's Communist Party is moving to make blockchain literacy the norm across public offices with the publication of an explainer for officials and members.
Released by the publishing house of the
Blockchain Social Network Minds Is Migrating to Ethereum for Launch
Blockchain-based social network Minds is migrating its platform to the ethereum network, the startup announced Monday.
After roughly four-and-a-half months on its Rinkeby test network, the startup
Bitcoin Trading Is Illegal in Saudi Arabia, Warn Watchdogs
A governmental committee comprised of Saudi Arabian regulators has issued a statement clarifying that cryptocurrency trading is illegal in the kingdom.
According to a statement issued Sunday, the s
Former S&P President Leads Seed Round for ICO Compliance Startup
Regtech and compliance startup iComply has just completed a seed funding round led by former Standard and Poor's president Deven Sharma.
The firm – which seeks to develop standard compliance tools