Six employees of Bitstamp were targeted in a weeks-long phishing attempt leading up to the theft of roughly $5m in bitcoin in January, according to an incident report said to be drafted internally by the bitcoin exchange.
The confidential document, posted to Reddit by a single-purpose account, offers an in-depth look into what is believed to be the inside story of the hack, which resulted in the loss of just under 19,000 BTC earlier this year. Since then, the company has offered scant details on what took place behind the scenes, citing confidentiality regarding the investigation into the lost funds.
The report’s findings are notable as they illustrate the risks facing bitcoin exchanges, including social engineering attacks in which personal information is used to trick victims into providing a means of access to sensitive materials.
In the case of Bitstamp, those behind the attack used Skype and email to communicate with employees and attempted to distribute files containing malware by appealing to their personal histories and interests. Bitstamp’s system was compromised after systems administrator Luka Kodric downloaded a file that he believed had been sent by a representative of an organization that was seeking his membership.
The report, attributed to Bitstamp general counsel George Frost, explained:
“On 11th December, as part of this offer, the attacker sent a number of attachments. One of these, UPE_application_form.doc, contained obfuscated malicious VBA script. When opened, this script ran automatically and pulled down a malicious file from IP address 185.31.209.145, thereby compromising the machine.”
Ultimately, the attackers were able to access two servers containing the wallet.dat file for Bitstamp’s hot wallet and the passphrase for that file.