[2016-04-14] Shapeshift Update: Security Breach Could be an Inside Job

[virtuose247]

Shapeshift.io, the cryptocurrency exchange was recently faced with a security breach, forcing it to temporarily suspend its operations. The security breach on April 7, 2016, had compromised the platform's server infrastructure which threatened the fate of future transactions on it. In order to fix the system and be sure that nothing is amiss, the company decided to replace the server infrastructure instead of fixing the issues on the existing setup.

In order to completely revamp the platform's backend infrastructure, Shapeshift services were shut down. At the same time, the company is also conducting an investigation into the events and actors behind the server breach. Eric Voorhees, the founder of Shapeshift has been frequently updating the status of the security fix on the platform’s subreddit page. The latest update on the company's page suggests that someone who has or was closely involved with Shapeshift in the past may have had a role to play in the security breach.

http://www.newsbtc.com/2016/04/14/shapeshift-update-security-breach-may-inside-job/

[gentlemand]

So often the way, sadly. Even when we're told it's a hack the chances are it was someone with more straightforward access.

[RealBitcoin]

Almost all exchange hacks are inside jobs, people should have learned from that. Just tell me 1 exchange hack that wasnt an inside job?  The companies need to invest more time in learning about their employees. If this is a trend, then every job interview at a bitcoin company should be very string, to avoid hiring the bad apples.

[eyeknock]

maybe this is another good example about why decentralized exchanges are needed? i hope that things will go in that direction, we could avoid lot of problems.

Almost all exchange hacks are inside jobs, people should have learned from that. Just tell me 1 exchange hack that wasnt an inside job?  The companies need to invest more time in learning about their employees. If this is a trend, then every job interview at a bitcoin company should be very string, to avoid hiring the bad apples.

well not all of them but i must agree that yes, that's an important issue that cannot be avoided.

[unamis76]

I guess it was very convenient at this time to announce this as an inside job. They had to say something at least, and this is what makes them look better. I hope it is true though, they own the truth to their customers... Still curious on how this will end up.

[Bisha]

Meanwhile you can use similar instant exchanges like https://metaexchange.info/

[QuestionAuthority]

Considering the dirtbag Erik Voorhees is involved it's most certainly an inside job. He's the guy that stole 2600 bitcoins from FeedZBirds, worked for BitInstant that was closed and prosecuted for money laundering, bombed the blockchain before it was ready with SatoshiDice and ran to Panama to avoid prosecution for running an illegal security. He's a scumbag that has proven he will do anything to make himself money. If you give any company he's involved with money you're a fool.

[Wendigo]

Dude that metaexchange site is missing so many alt coins it can't even compare to what Shapeshift has been offering. It's really sad what is happening to Shapeshift as it was and still is my go-to crypto coins converter and despite the issues I will still be using it after they have sorted out the current problems. Can anyone suggest an alternative I could use in the meantime? Some coins converter with a nice selection of alt coins? Thank you.

[calkob]

Like most of these hacks we will probably never get tot he truth of what fully happened and Shapeshift will be left with severe reputation damage.    which is sad because the idea and service was good.

[ebliever]

Almost all exchange hacks are inside jobs, people should have learned from that. Just tell me 1 exchange hack that wasnt an inside job?  The companies need to invest more time in learning about their employees. If this is a trend, then every job interview at a bitcoin company should be very string, to avoid hiring the bad apples.

Good point. I'd also suggest doing darn near everything using Multi-Sig, so that one bad actor can do nothing without an accomplice. That's not perfect, but I bet it would be 95-99% effective if each of the company officers entrusted with keys kept them properly secured from one another.

[Labumi]

I guess it does happen due to the fault of the parties concerned, because they are less conscientious to do a collaboration with people who will help him in running the sites that he manage. I think they will quickly fix the problem, because the site is one of a fairly large site and is used by many people. I can only wait for the latest news from this issue

[Lionidas]

Isn't this usually the case. How else would these "top secured" companies that they proclaim they are get hacked in the first place? It is almost always an inside job or they get insider information which they usually use social engineering to obtain it from an employee that does not know better than to trust their better judgement.

[alyssa85]

So often the way, sadly. Even when we're told it's a hack the chances are it was someone with more straightforward access.

Why does crypto attract such shady characters? And why don't they put in place systems that restrict the access of employees to the wallets? The lack of basic risk management is staggering.

[DimensionZ]

I wonder if Shapeshift can pinpoint who among their ex-employees tipped off the outside hacker. But isn't it strange that all of the exchanges that have been breached till now have claimed that it has been an inside job. Looks like this is their favorite phrase of saying 'We are not liable for what has happened to the customers' money'. Companies should have better screening while hiring new people so that they don't end up with the shady employees who can jeopardize their business.

[Kprawn]

So often the way, sadly. Even when we're told it's a hack the chances are it was someone with more straightforward access.

Why does crypto attract such shady characters? And why don't they put in place systems that restrict the access of employees to the wallets? The lack of basic risk management is staggering.

Do you think it is any different with anything else where money is involved? Nope.. my friend, money corrupts and it draws these people in like flies to shit. I'd say 9 out of 10 times,

someone within the organization is part of these so-called hacks. The odd hack that are genuine, are done with social engineering, where a person from outside fool people into

believing that they are part of the operation and then get access to the system. Anywhere where humans are part of the equation and money is involved, people will get

corrupted. 

[Lauda]

Quite an interesting follow-up. I didn't expect it to be an 'inside job' even though this a likely possibility. This is why only certain people need to have security clearance.

But isn't it strange that all of the exchanges that have been breached till now have claimed that it has been an inside job.

No. That is the easiest way in, after human stupidity of course.

[BitcoinSupremo]

So often the way, sadly. Even when we're told it's a hack the chances are it was someone with more straightforward access.

Why does crypto attract such shady characters? And why don't they put in place systems that restrict the access of employees to the wallets? The lack of basic risk management is staggering.

Because 99% of the cases is an inside job and not done from shady characters , although the cryptozone is the best place to scam for a shady character, all those ponzi cloud mining websites which grow up like fungus after the rain, just underscore what you are saying. The best is to not leave your coins in any exchange, just withdraw them directly after trading.

[Herbert2020]

huh! an inside job! these days you keep hearing another big service getting hacked one after another, cryptsy exchanger and now shapeshift and most of these cases say that the hack was an inside job, i wonder why the same thing happens again to another service after a while with same story.