SafeUM

Axarhöfði 14, 110 Reykjavik, Iceland

Iceland - 2015
20 Jan 2016

Bitcoin trader Cryptsy robbed via IRC backdoor

Cryptsy, a website used for trading Bitcoin, Litecoin, and other crypto-currencies, recently revealed that it had been robbed, reporting a $5.7 million theft and suspending trades and withdrawals.

According to Cryptsy, the theft took place on July 29, 2014, but they decided to go public with the incident only now, after unsuccessfully trying to involve the FBI. In an announcement, the Cryptsy team said that recent problems users have been experiencing are related to this incident and not to recent phishing or DDoS attacks.

The notice said the culprit was found to be the developer of Lucky7Coin (LK7), who placed an IRC backdoor into the code of the wallet, and that the malicious code acted as a Trojan, or command and control unit. The Cryptsy team suggests that the Trojan was present in their system for months before the attack happened, most likely for about two months.

This specific period of time was mentioned because the team received an email on May 22, 2014 from a person claiming to have taken over the Lucky7Coin development, informing them that the IRC network has been changed so that clients could “synchronize blockchain,” and that they should update as soon as possible.

Since this person was not the original Lucky7Coin developer, the team suggests that they are responsible for the attack, and that the backdoor was introduced in this update. The GitHub repository for LK7 hasn’t been modified for the past two years, with the latest commit added on May 21, 2014. Following the attack, Cryptsy discovered that the perpetrator stole around 13,000 Bitcoin and 300,000 Litecoin, amounting to roughly $5.7 million. After discovering the theft, the website decided to use its reserves of those cryptocurrencies and to pull from its profits to fill the wallets back up over time.

However, profits decreased due to low volume and low Bitcoin prices, and things started to crumble in October, after Coinfire published an article that, according to Cryptsy, “contained many false accusations.” Cryptsy’s Paul Vernon officially responded to the accusations, but they caused a bank run, and the website’s problems started then.

According to the website, the stolen Bitcoins haven’t moved since the incident, which would suggest that there might be a small chance that they can be recovered. In fact, Cryptsy, which notes that their current customer liability is around 10,000 BTC, is offering a bounty of 1,000 BTC for information which leads to the recovery of the stolen coins.

Furthermore, the website claims that the perpetrator won’t be investigated and their name won’t be revealed if they return the stolen coins. “We will assume that no harm was meant” should the culprit return the coins, no questions asked, Cryptsy says, adding that the entire community might start looking for the perpetrator otherwise.

The website explains that they did not alert the authorities, as they did not want to cause panic, and were not sure who to go to, although they had communication with Secret Service Agent Shaun Bridges. Last year, however, Bridges was charged with stealing Bitcoins during an investigation of the Silk Road underground market.

Cryptsy also notes that they alerted the Miami FBI, but were redirected to report the issue on the IC3 website, and that no reply has been received so far. For the time being, the website is suspending trades and withdrawals indefinitely until a solution to the problem is found, one of the options being to file for bankruptcy, letting users file claims via the bankruptcy process, and letting the court make the disbursements. However, they are also willing to agree to an acquisition, under the terms that the entity acquiring Cryptsy would be making good on requested withdrawals.

For the time being, the website has decided to clear out the order books and place all funds back into user accounts. The website also forced a password reset for all user accounts after being hit by a phishing attack attempt last week. Cryptsy users will have to change their passwords on their next login to the website.

Tags:
Cryptsy information leaks Bitcoin
Source:
SecurityWeek