The news of a hack at Bitcoin/ Cyrptocurrency exchange ShapeShift AG has taken a turn for the worse with the discovery that the hack itself was an inside job.
According to a new update by ShapeShift Chief Executive Officer Erik Voorhees, the culprit has been identified as someone who had previously worked for the exchange.
“Since the investigation into the ShapeShift hack last week started, we had suspicion that someone previously on the team was involved, and that this person assisted an outside hacker,” Voorhees wrote. “We are confident now that is is indeed the case.”
“The story continues to unfold, and evidence continues to be revealed. We have been working with a forensic specialist from LedgerLabs, who has been terrific,” Voorhees added, before noting that “a civil suit is ongoing, as are multiple criminal investigations of the perpetrators.”
The hack itself saw no theft of customer funds (although an undisclosed amount was stolen directly from the company) as that unlike other exchanges ShapeShift itself never holds funds versus facilitating trades between customers themselves, a built-in feature that has been previously described as being “safe by design.”
That said, Shapeshift remains offline at the time of writing as the company works to return with a safer platform.
“Our team continues to revise and rebuild infrastructure, hardening not only prior vulnerabilities, but future potential attack vectors,” Voorhees noted. “It has been inspiring to see anti-fragility in action as ShapeShift gets stronger.”
Customer refunds for prior pending orders are said to be in the process of being resolved; although no customer funds were stolen funds involved in an exchange are placed into a form of escrow not held directly by ShapeShift itself, and with the order platform itself currently offline, remain in limbo so to speak.
Voorhees promised that a more detailed post-mortem will be released at the appropriate time after forensic work is complete.
We said it when the story first broke, but it’s worthy of repeating it again: despite their troubles Voorhees and the team at ShapeShift should be praised for their level of transparency post hack.
An article on Medium titled “Three reasons the Bitcoin community should be happy ShapeShift was hacked … ” by a writer named PatrolX says it better than we can, noting that the “absence of bullshit and cover up” is a lesson many other companies can learn from, and that:
ShapeShift clearly puts the customer first, unlike exchanges that have gone before it. It is a business with integrity that has sound leadership and a business model that I’m certain will become incredibly successful…We need more services in the cryptocurrency space that have the levels of honesty, integrity and leadership that Erik Voorhees exhibits.
Like the writer there, we too look forward to seeing ShapeShift back online, because unlike many before it, it’s actions in the face of a hack make them worthy of the communities support.