Unconfirmed Report Details $5 Million Bitstamp Bitcoin Exchange Hack

Six employees of Bitstamp were targeted in a weeks-long phishing attempt leading up to the theft of roughly $5m in bitcoin in January, according to an incident report said to be drafted internally by the bitcoin exchange. It is reported CoinDesk.

The confidential document, posted to Reddit by a single-purpose account, offers an in-depth look into what is believed to be the inside story of the hack, which resulted in the loss of just under 19,000 BTC earlier this year. Since then, the company has offered scant details on what took place behind the scenes, citing confidentiality regarding the investigation into the lost funds.

The report’s findings are notable as they illustrate the risks facing bitcoin exchanges, including social engineering attacks in which personal information is used to trick victims into providing a means of access to sensitive materials.

In the case of Bitstamp, those behind the attack used Skype and email to communicate with employees and attempt to distribute files containing malware by appealing to their personal histories and interests. Bitstamp’s system became compromised after systems administrator Luka Kodric downloaded a file that he believed had been sent by a representative for an organization that was seeking his membership.

The report, attributed to Bitstamp general counsel George Frost, explained:

“On 11th December, as part of this offer, the attacker sent a number of attachments. One of these, UPE_application_form.doc, contained obfuscated malicious VBA script. When opened, this script ran automatically and pulled down a malicious file from IP address 185.31.209.145, thereby compromising the machine.”

Ultimately, the attackers were able to access two servers containing the wallet.dat file for Bitstamp’s hot wallet and the passphrase for that file.


Jul 2, 2015, 9:12 AM
Jul 1, 20158:43 AM

Bitcoin entrepreneurs invent means of data sharing with total privacy

Oz Nathan and Guy Zyskind along have developed Enigma, a system which allows total privacy when sharing data on cloud-hosted servers.

Jun 26, 20158:35 AM

Over 20,000 Retailers in Japan to Start Accepting Bitcoin Payments

Bitcoin exchange Quoine and payments network Econtext recently struck a deal that can allow over 20,000 online and ...

Jun 25, 201512:03 PM

FTC Warns Consumers of Bitcoin Shopping Risks

The US Federal Trade Commission (FTC) has penned a new blog post aiming to give advice to consumers who may pay for ...

Jun 25, 20159:12 AM

Nasdaq calls in Chain for blockchain project

Nasdaq has enlisted blockchain infrastructure provider Chain for its project to use digital ledger technology for the issuance and ...