Leaked Report: Phishing Attacks Led to $5.3 Million Bitstamp Hacking

A recently leaked report, removed from the web upon request from Bitstamp, says that the January hacking of the Exchange was caused by a phishing attack.

The attackers apparently had very good intelligence on six Bitstamp employees, and attempted to lure them with customized e-mail and Skype messages.

Bitstamp lost close to 19,000 bitcoins ($5.3 million) in the attack on its hot wallet, and could have lost more had it not kept the bulk of its funds offline.

The report, compiled by forensics investigation firm Stroz Friedberg in February, says:

"All of the phishing messages were highly tailored to the victim, and showed a significant degree of background knowledge on the part of the attacker."

In one attack, an employee was asked to fill out an MS Word document to get free tickets to Punk Rock Holiday 2015. The file apparently contained a malicious macro, which may have failed to execute.

Bitstamp's luck ran out when systems administrator Luka Kodric, who had access to the hot wallet, received a phishing e-mail, ostensibly from the Association for Computing Machinery. After following up via skype, he too received an application form, which installed a remote-access Trojan on his system.

From there, the attacker copied the Bitcoin wallet file and passphrase. Even though the hot wallet can contain no more than 5,000 BTC at any given time, the attacker continued to drain its contents as new deposits came in.

The report's authors go on to state:

"We believe we have identified at least one of the hackers and are baiting a 'honey trap' to lure him into the U.K. in order to make an arrest. Moreover, we need to be very careful not to educate other criminal hackers about how we safeguard our assets and information."

Security experts have pointed out the dangers of storing server credentials on the same machine as for checking e-mail. Bitstamp has reportedly addressed this issue in a system revamp for which it has spent $650,000 to date.

A recently leaked report, removed from the web upon request from Bitstamp, says that the January hacking of the Exchange was caused by a phishing attack.

The attackers apparently had very good intelligence on six Bitstamp employees, and attempted to lure them with customized e-mail and Skype messages.

Bitstamp lost close to 19,000 bitcoins ($5.3 million) in the attack on its hot wallet, and could have lost more had it not kept the bulk of its funds offline.

The report, compiled by forensics investigation firm Stroz Friedberg in February, says:

"All of the phishing messages were highly tailored to the victim, and showed a significant degree of background knowledge on the part of the attacker."

In one attack, an employee was asked to fill out an MS Word document to get free tickets to Punk Rock Holiday 2015. The file apparently contained a malicious macro, which may have failed to execute.

The report's authors go on to state:

"We believe we have identified at least one of the hackers and are baiting a 'honey trap' to lure him into the U.K. in order to make an arrest. Moreover, we need to be very careful not to educate other criminal hackers about how we safeguard our assets and information."

Network, Learn, Grow | FMAS:24

Get ready to mark your calendars for FMAS:24, returning this May! Take a quick glimpse of what awaits at the Sandton Convention Centre in Sandton, South Africa from May 20-22, 2024. Don't miss out on this 5-second invite packed with energy and urgency! Secure your free ticket now 🔗 https://events.financemagnates.com/yQx0l?utm_source=youtube&utm_campaign=fmas-is-back&utm_medium=video&RefId=FMAS24+Video+Ad+%5B1%5D #fmas24 #fmas #fmevents #financeinafrica #traders #investors #affiliates #forexTraders #investmentOpportunities #B2BNetworking #finTech #Innovations #TradingCommunity #BusinessOpportunities #AfricanBusiness #Johannesburg #southafrica 📣 Stay updated with the latest in finance and trading! Follow FMevents across our social media platforms for news, insights, and event updates. Connect with us today: 🔗 LinkedIn: https://www.linkedin.com/showcase/financemagnates-events/ 👍 Facebook: https://www.facebook.com/FinanceMagnatesEvents 📸 Instagram: https://www.instagram.com/fmevents_official 🐦 Twitter: https://twitter.com/F_M_events 🎥 TikTok: https://www.tiktok.com/@fmevents_official ▶️ YouTube: https://www.youtube.com/@FinanceMagnates_official Don't miss out on our latest videos, interviews, and event coverage. Subscribe to our YouTube channel for more!

Get ready to mark your calendars for FMAS:24, returning this May! Take a quick glimpse of what awaits at the Sandton Convention Centre in Sandton, South Africa from May 20-22, 2024. Don't miss out on this 5-second invite packed with energy and urgency! Secure your free ticket now 🔗 https://events.financemagnates.com/yQx0l?utm_source=youtube&utm_campaign=fmas-is-back&utm_medium=video&RefId=FMAS24+Video+Ad+%5B1%5D #fmas24 #fmas #fmevents #financeinafrica #traders #investors #affiliates #forexTraders #investmentOpportunities #B2BNetworking #finTech #Innovations #TradingCommunity #BusinessOpportunities #AfricanBusiness #Johannesburg #southafrica 📣 Stay updated with the latest in finance and trading! Follow FMevents across our social media platforms for news, insights, and event updates. Connect with us today: 🔗 LinkedIn: https://www.linkedin.com/showcase/financemagnates-events/ 👍 Facebook: https://www.facebook.com/FinanceMagnatesEvents 📸 Instagram: https://www.instagram.com/fmevents_official 🐦 Twitter: https://twitter.com/F_M_events 🎥 TikTok: https://www.tiktok.com/@fmevents_official ▶️ YouTube: https://www.youtube.com/@FinanceMagnates_official Don't miss out on our latest videos, interviews, and event coverage. Subscribe to our YouTube channel for more!