
BitStamp Hacked by Phishing Attack - Report

Coindesk.com reported on 1st July, 2015, quoting a recent report, that "six employees of bitcoin exchange Bitstamp were targeted by phishing attacks for a week leading to a theft of around $5m in bitcoin during January."

According to the report, the first acknowledged phishing attack occurred on 4th November, 2014, when a scamster contacted Bitstamp's Chief Technology Officer Damian Merlak, gifting him free vouchers for a rock concert. A few weeks later, scamsters posing as reporters got in touch with Miha Grcar and tried to get Merlak to open a document, apparently containing an article, for his comment, but Merlak declined.

The hackers got lucky when Bitstamp's system administrator, Luka Kodric, fell into their trap. Kodric's computers, including his PC, had permission to use the hot wallets on the company's server. That made Kodric the perfect target for a phishing scam, which the hackers pulled off by promising Kodric membership in a "special fraternity."

Around the middle of December, the hackers sent Kodric a range of attached files containing malicious VBA script, with more information on joining the said fraternity; when an attachment was opened, the script directed the system to pull a tainted file off the Internet. The attack appears to have installed a remote-access Trojan (RAT) on Kodric's system by late December. Once the hackers had access to Kodric's computer, they were able to enter Bitstamp's networks without requiring any more credentials.

The attacker drained the Bitstamp wallet on 4th January, as evidenced on the blockchain. The report reveals that although the wallet held a maximum of 5,000 bitcoins at any given time, the attacker was able to steal more than 18,000 bitcoins over the course of the day as customers made additional deposits.

The company framed the episode as a learning experience in spite of the losses and the apparent reputational damage, and concluded: "This was a major loss for Bitstamp and it creates further doubt on the safety and integrity of the ecosystem of bitcoin. However, it could have been much worse and we are firm to use this as a learning tool and as a basis for improving our technology, security tools, incident response planning and onwards."

» SPAMfighter News - 7/16/2015
