Six employees of Bitstamp were targeted
in a weeks-long phishing attempt leading up to the theft of roughly
$5m in bitcoin in January, according to an incident report said to be
drafted internally by the bitcoin exchange. It is reported CoinDesk.
The confidential document, posted to Reddit by a single-purpose account, offers an in-depth look into what is believed to be the inside story of the hack, which resulted in the loss of just under 19,000 BTC earlier this year. Since then, the company has offered scant details on what took place behind the scenes, citing confidentiality regarding the investigation into the lost funds.
The report’s findings are notable as they illustrate the risks facing bitcoin exchanges, including social engineering attacks in which personal information is used to trick victims into providing a means of access to sensitive materials.
In the case of Bitstamp, those behind the attack used Skype and email to communicate with employees and attempt to distribute files containing malware by appealing to their personal histories and interests. Bitstamp’s system became compromised after systems administrator Luka Kodric downloaded a file that he believed had been sent by a representative for an organization that was seeking his membership.
The report, attributed to Bitstamp general counsel George Frost, explained:
“On 11th December, as part of this offer, the attacker sent a number of attachments. One of these, UPE_application_form.doc, contained obfuscated malicious VBA script. When opened, this script ran automatically and pulled down a malicious file from IP address 184.108.40.206, thereby compromising the machine.”
Ultimately, the attackers were able to access two servers containing the wallet.dat file for Bitstamp’s hot wallet and the passphrase for that file.
Oz Nathan and Guy Zyskind along have developed Enigma, a system which allows total privacy when sharing data on cloud-hosted servers.
Bitcoin exchange Quoine and payments network Econtext recently struck a deal that can allow over 20,000 online and ...
The US Federal Trade Commission (FTC) has penned a new blog post aiming to give advice to consumers who may pay for ...
Nasdaq has enlisted blockchain infrastructure provider Chain for its project to use digital ledger technology for the issuance and ...