Back in January, one of the most popular bitcoin exchanges, BitStamp, was hacked, which resulted in the theft of over 19,000 bitcoins, worth about $5 million at that time.
BitStamp is a European bitcoin exchange company and is officially registered in the United Kingdom.
Recently a new document has surfaced on the Internet, apparently the BitStamp incident report, which details how a phishing attack that occurred several months ago robbed the company.
It was apparent that BitStamp’s reputation was ruined, but the company’s prompt response to the phishing attack helped it get its services back up and running with enhanced security. However, it never disclosed what actually caused the attack.
Now the unconfirmed breach report, leaked by an unidentified individual and marked as confidential, has been making the rounds on the Internet and mirror sites. It tells the story behind BitStamp’s attack and what really happened.
The report was first posted on Scribd (it has since been removed) under the name “BitStamp Incident Report”, dated February 20th. The report is endorsed by George Frost, General Counsel of BitStamp, and consists of investigation reports provided by the Stroz Friedberg private investigation group, as well as investigators from the UK’s cybercrime unit, the Secret Service and the FBI.
Page nine of the leaked report details how the breach was originally discovered by the company: “Bitstamp staff noted a suspicious data transfer on the network logs, dated 29 December 2014, between 1129-1201 CET. The data transfer was approximately 3.5GB”, which was sent to a suspicious German IP address.
This was the point when the investigators determined that the “wallet.dat” file had gone from BitStamp servers to an unknown IP address. After preliminary investigations, the company learned that the transfer was initiated through a VPN (Virtual Private Network) connection from Luka Kodric’s laptop, which was located within his office.
Accessing BitStamp’s network was an easy task for the hackers because of an initial phishing attack conducted on Luka Kodric’s laptop while, remarkably, he was connected to the VPN. The report reveals that VPN connections to the servers were restricted to only three authorised IP addresses: Kodric’s home IP, Merlak’s home IP, and BitStamp’s office IP. So two-factor authentication was not required, at that time, to access the data centre through Kodric’s laptop.
But there was still a bit of work for the attackers to do: they had to have access to two servers located in the data centre. Investigations confirm that the data was transferred from these two servers, but BitStamp was unable to determine the content of the transferred data; only the total volume of transferred data was identified.
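The kind of log review that surfaced the transfer described above can be automated. The following is an added example, not taken from the leaked report or from BitStamp: it totals outbound bytes per unfamiliar external destination over a sliding window and reports which internal hosts sent them. The flow-record format, addresses, threshold and allowlist are assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed flow records (start time, source, destination, bytes sent).
# Addresses are private/documentation ranges, not values from the report.
SAMPLE_FLOWS = """\
2014-12-29T11:29:00 10.0.0.11 203.0.113.50 1200000000
2014-12-29T11:40:00 10.0.0.12 203.0.113.50 1300000000
2014-12-29T11:55:00 10.0.0.11 203.0.113.50 1000000000
2014-12-29T11:30:00 10.0.0.11 198.51.100.7 900000
2014-12-29T11:35:00 10.0.0.12 10.0.0.20 5000000000
2014-12-29T09:00:00 10.0.0.11 192.0.2.10 4000000000
"""
INTERNAL = ipaddress.ip_network("10.0.0.0/8")               # assumed internal range
KNOWN_DESTINATIONS = {ipaddress.ip_address("192.0.2.10")}   # assumed backup host


def parse_flows(text):
    """Yield (timestamp, source, destination, byte count) per record."""
    for line in text.splitlines():
        if line.strip():
            ts, src, dst, nbytes = line.split()
            yield (datetime.fromisoformat(ts), ipaddress.ip_address(src),
                   ipaddress.ip_address(dst), int(nbytes))


def bulk_egress(text, threshold=1_000_000_000, window=timedelta(hours=1)):
    """Map each unfamiliar external destination to (peak bytes, sources) when
    it received at least `threshold` bytes inside one sliding `window`."""
    per_dst = defaultdict(list)
    for ts, src, dst, nbytes in parse_flows(text):
        if dst not in INTERNAL and dst not in KNOWN_DESTINATIONS:
            per_dst[str(dst)].append((ts, str(src), nbytes))
    alerts = {}
    for dst, flows in per_dst.items():
        flows.sort(key=lambda f: f[0])
        start = total = 0
        for end, (ts, _, nbytes) in enumerate(flows):
            total += nbytes
            while ts - flows[start][0] > window:   # drop flows older than window
                total -= flows[start][2]
                start += 1
            if total >= threshold and total > alerts.get(dst, (0, []))[0]:
                sources = sorted({s for _, s, _ in flows[start:end + 1]})
                alerts[dst] = (total, sources)
    return alerts


if __name__ == "__main__":
    for dst, (total, sources) in bulk_egress(SAMPLE_FLOWS).items():
        print(f"ALERT {dst}: {total / 1e9:.1f} GB from {', '.join(sources)}")
```

Aggregating by destination rather than by single flow matters here: no individual record in the sample is unusual for a backup job, but the combined volume from two servers to one unknown host is.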
The report suggests that the hackers were able to get access to BitStamp’s hot wallet and that the early attempts actually began in late 2014, several months before the final hacking attempt, when numerous phishing messages were sent by the hacker via Skype to different targeted BitStamp employees. It was also noted that each message was custom tailored, and that the hackers were working harder to rob bitcoins than the company was working to secure its assets.
A simple phishing scam ruined everything for Bitstamp
The report further reveals that Damian Merlak, BitStamp’s Chief Technology Officer, was the very first victim of the phishing attack, which involved a message encouraging the receiver to open a Word document containing malicious VBA code.
“Six Bitstamp employees were targeted by phishing emails in total, albeit only four of these resulted in malicious attachments being received. […] All of the phishing messages were very tailored to the victim and showcased a significant degree of background skill on the part of the attacker,” the report reads.
The hacking attempts continued until the attacker was able to successfully compromise the system administrator’s PC. Critically, that specific “sysadm” has access to the IDs for BitStamp’s hot wallet. Then, almost a month later, a successful hacking attack of $5 million in bitcoins was conducted.