Cryptsy theft->bankruptcy
dan@geer.org
Tue Jan 19 07:10:17 PST 2016
...You probably want to see the article (jpegs of relevance)...
www.databreachtoday.com/bitcoin-heist-steals-millions-from-exchange-a-8803
Cryptsy Faces Potential Bankruptcy Over Just-Revealed 2014 Hack
Mathew J. Schwartz (euroinfosec), January 15, 2016
Bitcoin Heist Steals Millions from Exchange
Cryptocurrency exchange Cryptsy, which trades bitcoins as well
as more than 100 types of "altcoins" such as litecoin and namecoin,
disclosed Jan. 15 that it was robbed in 2014. As a result of the
breach, the exchange has now suspended all trades and says it
will file for bankruptcy unless the stolen bitcoins are returned.
Florida-based Cryptsy says the attacker stole 13,000 bitcoins,
worth $5 million today, as well as 300,000 litecoins, worth
$970,000 today. The exchange says the theft was not related to
the recent phishing and distributed denial-of-service attacks
that it's suffered. It suspects that the most recent developer
behind Lucky7Coin - LK7 - is the culprit behind the attacks,
based on a backdoor that it found inside its network.
"About a year and a half ago, we were alerted ... a reduction
in our safe/cold wallet balances of bitcoin and litecoin, as
well as a couple other smaller cryptocurrencies," Cryptsy says
in a blog post. It says its investigation ultimately found that
the developer of the Lucky7Coin cryptocurrency "had placed an
IRC backdoor into the code of
wallet, which allowed it to act as a sort of a Trojan, or
command-and-control unit."
The exchange adds: "This Trojan had likely been there for months
before it was able to collect enough information to perform the
attack," which was executed on July 29, 2014. A user of code-sharing
site GitHub in March 2015 detailed that apparent backdoor in the
Lucky7Coin IRC code, noting that it would give an attacker "the
ability to run arbitrary commands on the victim's host."
Cryptsy suspects that whoever originally developed Lucky7Coin
isn't responsible for the backdoor, but rather someone named
"Jack," who claimed to have taken over development of the
cryptocurrency codebase and related code, and who contacted
Cryptsy on May 22, 2014. "You're the only exchange for this coin
and I hope you will let me take care of it. I'm responsible,"
Jack claimed.
Message From New Lucky7Coin Developer
[Image caption] Cryptsy says it fell for a Trojan attack
initiated by "Jack."
Connection to Jailed 'Silk Road' Secret Service Agent
Cryptsy is not the first exchange to have faced insolvency after
hackers stole its bitcoins (see Bitcoin Exchange Hacked With
Word Macro). But why didn't the exchange come forward sooner?
Officials at Cryptsy couldn't be immediately reached for comment.
But in the blog post, Cryptsy says it initially tried to cover
the missing funds using its exchange profits and appears to
suggest that everyone would have been worse off, had it gone to
authorities, because its U.S. Secret Service contact was none
other than Special Agent Shaun Bridges. "I think we all know
what happened with him," the Cryptsy blog post notes.
In August, Bridges pleaded guilty to both money laundering and
obstruction of justice. He was accused of abusing his position
while a member of the Secret Service's Electronic Crimes Task
Force that was investigating the notorious darknet narcotics
marketplace called Silk Road (see Former Secret Service Agent
Pleads Guilty to $800K Bitcoin Theft).
Cryptsy, which is a member of the Financial Crimes Enforcement
Network, also says it attempted to contact the FBI Miami field
office recently, but was redirected to the Internet Crime Complaint
Center. IC3, as it's also known, is run by the FBI, the National
White Collar Crime Center and the U.S. Bureau of Justice Assistance;
it deals with Internet crime complaints (see Hackers Claim FBI
Information-Sharing Portal Breached). The exchange says it has
yet to hear back from IC3.
Will Missing Bitcoins Come Home?
Cryptocurrency news site CoinDesk reports that declining trading
volumes have undercut the exchange's profits and that the exchange
has halted trading twice in the past two weeks, blaming one of
those outages on a phishing attack that employed users' email
addresses and phone numbers.
But a class-action lawsuit filed Jan. 13 against Project Investors
- doing business as Cryptsy - and Paul Vernon, who it says is
the founder, operator, and CEO of Cryptsy, alleges that since
November 2015, "certain Cryptsy users started having difficulties
and inabilities withdrawing any and all forms of currency from
their accounts." The plaintiff, Virginia-based Jinyao Liu, "seeks
damages based upon the unlawful conduct of defendants in denying
account holders the ability to obtain funds in their accounts
and in misappropriating funds held in the Cryptsy accounts,"
according to the lawsuit.
Thank you everyone for the patience while we get these issues
resolved. Team is working hard and we will try to do more
frequent updates.
BigVern (@cryptsy) December 10, 2015
In its Jan. 15 blog post, Cryptsy says it now faces a 10,000
bitcoin ($3.8 million) shortfall and identifies three available
business options: It shutters the website and files for bankruptcy;
someone purchases the exchange and makes good on the requested
withdrawals; or the attacker returns the stolen bitcoins - no
questions asked.
While that might sound far-fetched, Cryptsy says that after the
July 29, 2014, theft, based on the bitcoin wallet address tied
to the theft, "those bitcoins have not moved once since this
happened" which "gives rise to the possibility they can be
recovered."
To help, Cryptsy has offered a reward of 1,000 bitcoins ($380,000)
for "information which leads to the recovery of the stolen coins."
Bye-Bye, Litecoins
Cryptsy doesn't reference the fate of the missing litecoins. But
they appear to have been cashed out: On July 2, 2014, someone
dumped exactly 300,000 litecoins - quite a coincidence - onto
an exchange all at once, which was such a large volume of coins
that it temporarily drove down the price of each individual
litecoin from $8.50 to just $2.
As noted on a related Reddit conversation: "The volume was so
high that he basically chewed through the entire buy side of the
order book, all the way down to someone who had (probably on a
lark) put in a buy order at $2," reports Reddit user FreeJack2k2.
"After clearing out the ask side of the order book, the new sell
orders only dropped to the low $7 range (the recovery from $2
was immediate) and eventually got bought back to where we are
now, at around $8. Whoever had that $2 buy order in the books
made out like a bandit."