ShapeShift had three hot wallets hacked: Bitcoin, Ethereum, and Litecoin.
Bloomberg
Erik Voorhees, the CEO of ShapeShift, has made public some of the details and findings from the investigation into the recent cyber attacks on his company. The bottom line is that about $230,000 worth of Cryptocurrencies were stolen from its hot wallets, but we are assured that none of it was clients' funds and that the service will be back in operation on Wednesday.
ShapeShift, a site that allows users to instantly cross-convert over forty cryptocurrencies, has already been down for over a week, with a notice on the site saying that it will likely be down for a few more days for an infrastructure upgrade.
Bringing credibility to the process, the forensic audit of ShapeShift was conducted by Michael Perklin of Ledger Labs, a Toronto-based consulting and development firm that applies decentralized systems and principles to the fields of security, finance, and governance. Perklin is an information security expert with experience in performing digital forensic examinations, cyber investigations, and incident response postmortems. He has testified about blockchains at the Canadian Senate's Committee on Banking, Trade, and Commerce and has been qualified as an expert witness in the courts of Canada.
ShapeShift's management decided to re-architect the exchange's infrastructure entirely, using greatly enhanced security protocols and methods, under the supervision of Mr. Perklin.
Unfolding of the event according to Erik Voorhees:
Erik Voorhees
"On March 14th, ShapeShift had 315 Bitcoins stolen from its hot wallet. It was quickly discovered that an employee at that time had committed the theft. It was reported to relevant authorities, and a civil suit was opened against the individual. As we had quickly figured out who it was, and how to resolve it internally, we were able to keep the site running uninterrupted. We planned to get the stolen property returned, and thought that was the end of it.
On April 7th, last week, as we were about to migrate the service to a new host (having worked for a couple weeks on new infrastructure in the wake of the theft), we noticed three hot wallets had been hacked, Bitcoin, Ethereum, and Litecoin (roughly 97 BTC, 3600 ETH, and 1900 LTC). We were initially unable to determine how it had happened. We took the site offline, and decided to assume the infrastructure itself and all keys were potentially compromised. We cycled all keys and spun up brand new infrastructure on an entirely new host, once again, 24 hours later.
During that rebuild, contact was established with the hacker, who indicated that the rogue employee from the month prior had given the hacker the information needed to carry out the attack.
We relaunched the site on this third set of infrastructure (Friday night). When we awoke Saturday morning, it was discovered that Bitcoin and Ethereum had yet again been stolen from the new hot wallets. 57 BTC and 2200 ETH. This didn't make any sense as none of the keys used had been shared with prior infrastructure. This happened less than 48 hrs after the prior incident.
During the following days, two chat sessions occurred between myself (Erik) and the hacker, who went by the name, Rovion Vavilov. In these sessions, evidence was provided showing how the hacker breached both environments, using information he had purchased from the former employee."
Erik Voorhees, the CEO of ShapeShift, has made public some of the details and findings from the investigation into the recent cyber attacks on his company. The bottom line is that about $230,000 worth of Cryptocurrencies were stolen from its hot wallets, but we are assured that none of it was clients' funds and that the service will be back in operation on Wednesday.
ShapeShift, a site that allows users to instantly cross-convert over forty cryptocurrencies, has already been down for over a week, with a notice on the site saying that it will likely be down for a few more days for an infrastructure upgrade.
Bringing credibility to the process, the forensic audit of ShapeShift was conducted by Michael Perklin of Ledger Labs, a Toronto-based consulting and development firm that applies decentralized systems and principles to the fields of security, finance, and governance. Perklin is an information security expert with experience in performing digital forensic examinations, cyber investigations, and incident response postmortems. He has testified about blockchains at the Canadian Senate's Committee on Banking, Trade, and Commerce and has been qualified as an expert witness in the courts of Canada.
ShapeShift's management decided to re-architect the exchange's infrastructure entirely, using greatly enhanced security protocols and methods, under the supervision of Mr. Perklin.
Unfolding of the event according to Erik Voorhees:
Erik Voorhees
"On March 14th, ShapeShift had 315 Bitcoins stolen from its hot wallet. It was quickly discovered that an employee at that time had committed the theft. It was reported to relevant authorities, and a civil suit was opened against the individual. As we had quickly figured out who it was, and how to resolve it internally, we were able to keep the site running uninterrupted. We planned to get the stolen property returned, and thought that was the end of it.
On April 7th, last week, as we were about to migrate the service to a new host (having worked for a couple weeks on new infrastructure in the wake of the theft), we noticed three hot wallets had been hacked, Bitcoin, Ethereum, and Litecoin (roughly 97 BTC, 3600 ETH, and 1900 LTC). We were initially unable to determine how it had happened. We took the site offline, and decided to assume the infrastructure itself and all keys were potentially compromised. We cycled all keys and spun up brand new infrastructure on an entirely new host, once again, 24 hours later.
During that rebuild, contact was established with the hacker, who indicated that the rogue employee from the month prior had given the hacker the information needed to carry out the attack.
We relaunched the site on this third set of infrastructure (Friday night). When we awoke Saturday morning, it was discovered that Bitcoin and Ethereum had yet again been stolen from the new hot wallets. 57 BTC and 2200 ETH. This didn't make any sense as none of the keys used had been shared with prior infrastructure. This happened less than 48 hrs after the prior incident.
During the following days, two chat sessions occurred between myself (Erik) and the hacker, who went by the name, Rovion Vavilov. In these sessions, evidence was provided showing how the hacker breached both environments, using information he had purchased from the former employee."
FM's Editor-in-Chief Yam Yehoshua on how the newsroom evaluates stories.
FM's Editor-in-Chief Yam Yehoshua on how the newsroom evaluates stories.
FM's Editor-in-Chief Yam Yehoshua on how the newsroom evaluates stories.
FM's Editor-in-Chief Yam Yehoshua on how the newsroom evaluates stories.
Matthew Smith, Group CEO at EC Markets, speaking at FMLS:24
Matthew Smith, Group CEO at EC Markets, speaking at FMLS:24
Matthew Smith, Group CEO at EC Markets, speaking at FMLS:24
Matthew Smith, Group CEO at EC Markets, speaking at FMLS:24
Finance Magnates Annual Awards 2024 | FM Awards 2024 Highlights
Finance Magnates Annual Awards 2024 | FM Awards 2024 Highlights
🎥Catch the best moments from the Finance Magnates Annual Awards Gala Dinner!
An evening where top names in finance came together to celebrate achievements, enjoy live music, and connect over a memorable dinner. Watch the highlights and feel the energy of our first gala in Cyprus!
Congratulations to all the winners for their dedication to excellence and leadership in the financial industry, including XM, Trading PRO, FP Markets, Deriv, FxPro, LATAM, Headway, ATFX, FBS, AMEGA, EC Markets, Axi
For more information about the 1st Finance Magnates Annual Awards, visit https://bit.ly/3Zb7wNz
#FinanceMagnatesGala #IndustryExcellence #GalaHighlights #FinanceMagnatesAnnualAwards #FinanceMagnatesAwards #CelebratingSuccess #FinanceCommunity
🎥Catch the best moments from the Finance Magnates Annual Awards Gala Dinner!
An evening where top names in finance came together to celebrate achievements, enjoy live music, and connect over a memorable dinner. Watch the highlights and feel the energy of our first gala in Cyprus!
Congratulations to all the winners for their dedication to excellence and leadership in the financial industry, including XM, Trading PRO, FP Markets, Deriv, FxPro, LATAM, Headway, ATFX, FBS, AMEGA, EC Markets, Axi
For more information about the 1st Finance Magnates Annual Awards, visit https://bit.ly/3Zb7wNz
#FinanceMagnatesGala #IndustryExcellence #GalaHighlights #FinanceMagnatesAnnualAwards #FinanceMagnatesAwards #CelebratingSuccess #FinanceCommunity
FMLS:24 | Shaping the Next Era of Financial Evolution
FMLS:24 | Shaping the Next Era of Financial Evolution
Welcome to FMLS:24 – the premier event where influential brands and leaders in trading, payments, fintech, and digital assets come together!
Join over 2,500 industry professionals, engage with 150+ expert speakers, and discover endless opportunities with 70+ top exhibitors. FMLS:24 is where senior executives and decision-makers gather to close deals, forge new partnerships, and strengthen connections with long-term clients.
Whether you’re in finance, technology, or payments, this summit is your gateway to future growth, meaningful collaborations, and industry-leading insights.
👉 Don't miss out – secure your ticket now at https://events.financemagnates.com/ZQEYy0?utm_source=youtube&utm_campaign=fmls24-awareness&utm_medium=video&RefId=MLS%3A24+Video+Promo
#fmls #fmls24 #fmevents #financemagnates #forex #payments #crypto #events #london #fintech #ai #generativeai #technology #onlinetrading #forex #investing #investors #tech
📣 Stay updated with the latest in finance and trading!
Follow FMevents across our social media platforms for news, insights, and event updates. Connect with us today:
🔗 LinkedIn: https://www.linkedin.com/showcase/financemagnates-events/
👍 Facebook: https://www.facebook.com/FinanceMagnatesEvents
📸 Instagram: https://www.instagram.com/fmevents_official
🐦 Twitter: https://twitter.com/F_M_events
🎥 TikTok: https://www.tiktok.com/@fmevents_official
▶️ YouTube: https://www.youtube.com/@FinanceMagnates_official
Don't miss out on our latest videos, interviews, and event coverage. Subscribe to our YouTube channel for more!
Welcome to FMLS:24 – the premier event where influential brands and leaders in trading, payments, fintech, and digital assets come together!
Join over 2,500 industry professionals, engage with 150+ expert speakers, and discover endless opportunities with 70+ top exhibitors. FMLS:24 is where senior executives and decision-makers gather to close deals, forge new partnerships, and strengthen connections with long-term clients.
Whether you’re in finance, technology, or payments, this summit is your gateway to future growth, meaningful collaborations, and industry-leading insights.
👉 Don't miss out – secure your ticket now at https://events.financemagnates.com/ZQEYy0?utm_source=youtube&utm_campaign=fmls24-awareness&utm_medium=video&RefId=MLS%3A24+Video+Promo
#fmls #fmls24 #fmevents #financemagnates #forex #payments #crypto #events #london #fintech #ai #generativeai #technology #onlinetrading #forex #investing #investors #tech
📣 Stay updated with the latest in finance and trading!
Follow FMevents across our social media platforms for news, insights, and event updates. Connect with us today:
🔗 LinkedIn: https://www.linkedin.com/showcase/financemagnates-events/
👍 Facebook: https://www.facebook.com/FinanceMagnatesEvents
📸 Instagram: https://www.instagram.com/fmevents_official
🐦 Twitter: https://twitter.com/F_M_events
🎥 TikTok: https://www.tiktok.com/@fmevents_official
▶️ YouTube: https://www.youtube.com/@FinanceMagnates_official
Don't miss out on our latest videos, interviews, and event coverage. Subscribe to our YouTube channel for more!
