Looting of the Fox: The Story of Sabotage at ShapeShift

Bitcoin, like any system of man, exhibits at once both the highest ideals of utopia and the lowest residual scum of society.

[Note: some names & minor details have been changed]

This is the story of how ShapeShift, a leading blockchain asset exchange platform, was betrayed. Not once, not twice, but three times in less than a month.

In total, about two-hundred thousand dollars in cryptocurrency was stolen by thieves within and without, not to mention the significant resources expended in its wake. Nevertheless, no customer funds were ever lost or at risk, a feat for an industry pocked with past tragedy, and ShapeShift itself has recovered and rebuilt, humbled by the experience gained, and ever more resolute in its mission of safe, smooth asset exchange.

In the spirit of Bitcoin’s openness, we wanted to share this story with the community; may you be informed, entertained, reflective, and ever-diligent in your own affairs.

The Backstory

Since its birth in the Spring of 2024, ShapeShift has been an evolving creature. What began as a quick experimental way to swap between Bitcoin and Litecoin grew into an innovative engine for the effortless exchange of all major blockchain assets, each one into the other, with no user friction. No user accounts. No signup process. It is the Google Translate of cryptocurrency.

And we’ve always been playing catch-up. Trying to build at the speed of this industry, not only along the vertical of Bitcoin proper, but along the breadth of all crypto, is a challenge.

Last Fall, we realized the “minimum viable product” server architecture established originally for ShapeShift was insufficient. We needed a professional to join the small team, and craft a scalable, and secure, server structure upon which our technology could grow.

We hired such a person, and patted ourselves on the back for our proactive decision. On paper, he looked great; the reference we called confirmed his prior role and responsibility. He’d even been into Bitcoin since 2024/2024 and had built miners in his room. Awesome. We’ll call this new employee Bob… indeed his real name starts with a B.

Over the next months, Bob built and managed ShapeShift’s infrastructure. He did okay, nothing special, but we were content to have a professional taking care of devops at least well enough to enable our engineers to build upon the architecture.

In the first quarter of this year, as the market discovered what we already knew – that our world will be one of many blockchain assets each needing liquidity with the other – exchange volumes surged at ShapeShift. Ethereum was on the rise, specifically. Our infrastructure was not ready for the pace of growth. It was like riding a bike upon which jet engines suddenly roared to full thrust.

Unfortunately, Bob did little to be helpful. He puttered about aimlessly while the team worked long hours to keep the ship together.

Scratch that, actually, Bob was not aimless.

He was preparing to steal from us.

The Genesis Betrayal

On the morning of March 14th, in the midst of one of our heaviest volume weeks ever, I get a call from our Head of Operations, Greg. “Erik, our hot wallet is missing 315 Bitcoin.” Why did we have so much in a hot wallet, you ask? Well, with volumes surging, our hot wallet would be drained through normal business in an hour at that level, which then required constant manual rebalancing. Are there ways to automate and mitigate that risk? Absolutely… but hindsight of one’s development priorities is always 20/20.

So 315 Bitcoin was gone.

To those who have experienced such incidents, the feeling of violation is profound. It’s a deep, uncomfortable state, that doesn’t stop at the edge of financial loss, but permeates down to one’s core. When systems are breached, systems that one has engineered and cared for deeply, obsessively, that violation of what one considers safe and secure is very, very uncomfortable. And then there’s the loss itself. 315 Bitcoin… roughly $130,000. That’s college tuition, part of a house, food for ten years… a couple months of payroll. It’s a lot of money for a pre-profit startup.

I rushed to the office, hoping there was some mistake. The only comforting thought was that the loss was only our own money. With no customer accounts, neither customer funds nor personal information were at risk from the hack. That was by design from the beginning of ShapeShift; one of our tenets. But even if nobody nearby is harmed, a punch in the face still hurts like hell.

Myself, Greg, and our two lead engineers pored through logs and servers, trying desperately to figure out what had happened. The 315 BTC went to an unknown Bitcoin address, and was sitting there.

Indeed, it sits there still: https://blockchain.info/address/1LchKFYxkugq3EPMoJJp5cvUyTyPMu1qBR

Despite our memo to all employees to come into the office urgently, Bob, our head IT guy, the one responsible for security and infrastructure, arrives at 11:30am.

We ask Bob to join our discussion. We reveal the hack to him. We ask him if he had logged in at all that morning, to which he responded no (on several occasions). On the news of the theft, he seems neither particularly surprised nor outraged, yet it was his security that failed us. Immediately, he starts pointing to red herring explanations, “It must be one of the exchanges that got hacked, that happens all the time.” Umm, our exchange accounts are fine, Bob.

“Well, look at the IP address, it happened somewhere off west Africa.” Umm, IP addresses on block explorers indicate only the first node that noticed a transaction, and are generally useless in the context of Bitcoin, Bob. (What kind of Bitcoiner doesn’t know that?)

Very quickly, we realize he is pretty much useless. Here we have our “server guy” and he has zero intelligent comments about a hack against his own infrastructure.

While poring over logs we noticed, however, a couple SSH keys (belonging to Bob) that had logged into the breached server that morning an hour before the rogue transaction, and then logged off two minutes after. Not nefarious, necessarily, for certainly Bob’s keys would be expected to log in periodically, though the timing was unusual (6am-ish in the morning). We also discovered the breach occurred over the VPN, meaning someone in the office, or someone with access to our VPN, committed the theft.

We ask everyone with server access to provide the fingerprints of their SSH keys so we can start comparing them to logs. Everyone does so, but another unusual thing: the fingerprint of the key handed in by Bob doesn’t appear in any logs. It appears brand new. Unusual that the key of the server admin would never have been seen on any server…

Soon after, Bob decides it’s time for his lunch break, and we don’t see him for an hour, during the worst episode in ShapeShift’s history. We honestly didn’t care that much, he wasn’t helpful and suspicions were starting to creep in. He tells all of us that he’s leaving his laptop open to download some logs, and makes sure we see that the laptop is left open. He’s being a little weird.

Upon his return an hour later, he is sitting down with other engineers still investigating what occurred. I’m in the other room on a call. When I finish my call, I come check on the progress. Bob appears to have a call “from his mother who needs to go to the hospital.” He packs up his stuff, grabs his dog who was at the office, and heads out. We’re all half relieved at his departure and half in awe… did our server admin really just leave for the second time during our investigation, which he should be leading?

He says, “I’ll be back within an hour.” This was at about 3pm, March 14.

We never saw him again.

Shortly after he leaves, one of our engineers pulls myself and Greg aside, and says, “While you were on your call, we were all sitting around the table, and we saw in the logs that Bob deleted two SSH keys while he was sitting there with us, then he grep’d several times for them [a server command to find specific text], and then he left. Those two keys matched the two keys we saw in the log this morning which accessed the Bitcoin server just prior to the hack.”

He just deleted his keys from the server?? Well fuck. Guns don’t get any smokier than that.

We all immediately move to the assumption that Bob stole the funds. He is out of the building, and so we start locking everything down. All keys are changed in haste (well, almost all).

We work for a few more hours, no word from Bob. No calls, no texts, nothing. By the end of the day, it had been 3-4 hours since he left to “take his mother to the hospital.” We decide to call him, without letting on our suspicions just yet.
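The key-inventory comparison described above, as an added example that is not from the original post: it parses constructed sshd “Accepted publickey” lines, groups logins by fingerprint, and reports submitted keys that never appear in any log, logged keys that nobody claimed, and logins during quiet hours. Every host, user, address, timestamp and fingerprint below is made up.

```python
"""Reconcile staff-submitted SSH key fingerprints with sshd authentication logs.

Constructed example, not ShapeShift's code: every host, user, IP address,
timestamp and fingerprint below is made up.
"""
import re
from collections import defaultdict
from datetime import datetime

# sshd writes "SHA256:<base64>" on OpenSSH >= 6.8 and a colon-separated MD5 hex
# string on older builds; accept both so old and new hosts can be compared.
ACCEPTED_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) sshd\[\d+\]: "
    r"Accepted publickey for (?P<user>\S+) from (?P<ip>\S+) port \d+ ssh2: "
    r"(?P<ktype>\S+) (?P<fp>SHA256:[A-Za-z0-9+/=]+|(?:[0-9a-f]{2}:){15}[0-9a-f]{2})$"
)


def parse_accepted_logins(lines, year=2016):
    """Map fingerprint -> list of (timestamp, host, user, source_ip) logins."""
    logins = defaultdict(list)
    for line in lines:
        m = ACCEPTED_RE.match(line)
        if not m:
            continue  # failures, disconnects and other daemons are not needed here
        # syslog lines carry no year; the caller supplies it
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        logins[m["fp"]].append((ts, m["host"], m["user"], m["ip"]))
    return dict(logins)


def reconcile(logins, inventory, quiet_hours=range(0, 7)):
    """Compare submitted fingerprints (person -> fp) with what the logs show.

    Three findings a responder wants on day one:
      never_seen:        people whose submitted key never authenticated anywhere
      unclaimed:         fingerprints seen in the logs that nobody submitted
      quiet_hour_logins: (who, fingerprint, host, hour) for logins in quiet hours
    """
    owner = {fp: person for person, fp in inventory.items()}
    never_seen = sorted(p for p, fp in inventory.items() if fp not in logins)
    unclaimed = sorted(fp for fp in logins if fp not in owner)
    quiet = sorted(
        (owner.get(fp, "UNCLAIMED"), fp, host, ts.hour)
        for fp, events in logins.items()
        for ts, host, _user, _ip in events
        if ts.hour in quiet_hours
    )
    return {"never_seen": never_seen, "unclaimed": unclaimed, "quiet_hour_logins": quiet}


# Constructed auth.log excerpt (made up): two early logins by keys nobody
# submitted, one normal login, one failed attempt, one old-style MD5 fingerprint.
SAMPLE_LOG = """\
Mar 14 06:02:11 btc-node sshd[2231]: Accepted publickey for deploy from 10.8.0.12 port 51122 ssh2: RSA SHA256:k1AAAAmadeupAAAAkey1
Mar 14 06:02:40 btc-node sshd[2240]: Accepted publickey for deploy from 10.8.0.12 port 51130 ssh2: ED25519 SHA256:k2BBBBmadeupBBBBkey2
Mar 14 06:04:30 btc-node sshd[2231]: Disconnected from user deploy 10.8.0.12 port 51122
Mar 14 09:15:02 btc-node sshd[2512]: Accepted publickey for deploy from 10.8.0.7 port 40021 ssh2: RSA SHA256:k3CCCCmadeupCCCCkey3
Mar 14 09:20:44 api-1 sshd[811]: Failed publickey for deploy from 10.8.0.9 port 40100 ssh2: RSA SHA256:k4DDDDmadeupDDDDkey4
Mar 14 10:01:09 api-1 sshd[815]: Accepted publickey for deploy from 10.8.0.9 port 40104 ssh2: RSA 0a:1b:2c:3d:4e:5f:60:71:82:93:a4:b5:c6:d7:e8:f9
"""

# Constructed inventory of the fingerprint each person handed in (made up).
INVENTORY = {
    "greg": "SHA256:k3CCCCmadeupCCCCkey3",
    "alice": "0a:1b:2c:3d:4e:5f:60:71:82:93:a4:b5:c6:d7:e8:f9",
    "bob": "SHA256:k9ZZZZmadeupZZZZnewkey",  # never appears in any log
}


def run_example():
    """Run the reconciliation over the constructed data."""
    return reconcile(parse_accepted_logins(SAMPLE_LOG.splitlines()), INVENTORY)


if __name__ == "__main__":
    for finding, rows in run_example().items():
        print(finding, rows)
```

A key that is in the inventory but in no log, as with Bob's, is not proof of anything by itself; it is the prompt to ask which key the person actually used.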

“Hey Bob, where are you?”

“Oh hey, I just decided to go home.”

“You’re at home?”

“Yeah, just here, working on some stuff.”

WTF?

That call is innocuous, but we recorded it. We also recorded the next one 30 mins later, in which we confront him with some of the evidence.

“So Bob, it looks like you deleted your SSH keys, and gave us a new key that had never accessed any servers.”

“Yeah, well I deleted them because I didn’t think they were important.”

Yes, he actually said that. Our server admin, in the midst of an investigation into a $130,000 theft, deletes his two keys, and only these two keys, without telling anyone, and then admits on our call that he did it because “they weren’t important.”

It just so happens those two keys were the exact ones logged into the Bitcoin server that morning, and which logged off two minutes after the theft transaction. Not important indeed!

He gives no account of his behavior or actions that day, but dances around questions and implies, subtly at first, and then more explicitly, that we’re being racist.

“Umm Bob, we’re targeting you because your keys were on the server, and you deleted them and left, during an active investigation.”

It goes on like that for 45 mins. He says other ridiculous stuff, all recorded.

We needed more evidentiary details, and there is a sense of relief after knowing exactly what happened and who was responsible. We spend the rest of the evening documenting everything, and preparing to file civil and criminal charges against Bob.

I give him a final chance that evening for redemption. In a message to all employees, so as not to force him to incriminate himself by responding,

I get a reply message from Bob at 4:36am, “I didn’t delete any keys and I always log into servers to check them out.”

Right, except that we have him already on record saying he did delete the keys and hadn’t logged on that morning. His amateurishness at lying appears outmatched only by his amateurishness in server administration.

He goes on, with impressive juvenile flair…

The next morning, our general counsel writes a formal letter (via email and post) to Bob, outlining some of the evidence that we knew, and demanding the stolen property be returned. It also notified Bob that his employment was terminated (I think that was fair, considering). In response, Bob emails back to the lawyer, addressing none of the evidence whatsoever, “Your clients are racist so make sure you know who you’re dealing with.”

It’s like he was wearing his internet troll hat in real life. Did he not even understand the seriousness of the situation? Well… the absurdity was just getting started.

Over the next days, we file the formal civil complaint. The address Bob had given us was a PO box, though we had his legal name, his bank info, and his social security number. We hired a private investigator. We found his apartment within a couple days. Several attempts at service failed, though the investigator heard a dog barking behind the door. One of his cars was found; he drives two bare retired police cruisers.

I have investors to whom I owe a level of fiduciary diligence, so, we also made arrangements for a criminal case, and herein the theft constitutes a Class 3 Felony, with 4-12 years in prison. Honestly, I don’t care whether he is punished. I care whether we are made whole, and whether he realizes his error and changes his life to become a better person. No sign yet, of that.

We learn some other things. Bob has prior police records in Florida, where he’s from. Incidentally, the records indicate he’s white, after all.

With civil and criminal cases proceeding against him, and with further investigation showing that Bob fled to Florida (leaving his dog to be temporarily cared for by his neighbor… who is now wondering where he is and hasn’t heard from him in weeks), we thought the case was basically closed. We’d get him somewhere, sooner or later. And, hopefully, we’d get our stolen property returned, or the fiat equivalent.

Rovion

We’d worked to build a new server infrastructure in Bob’s wake, assuming his work in our system to be largely compromised. We set up a new cloud architecture with a company we’ll call CloudCo.

It’s now the week of April 4th, and we were about ready to go live with this new cloud infrastructure. Then all hell breaks loose. Again.

On Thursday April 7th, around midday, we notice a bunch of Ethereum had left the hot wallet on the new infrastructure at CloudCo. The NEW infrastructure. The infrastructure that was not even live yet. At first, we believed our code had done something weird, perhaps sweeping funds to a development server address or similar. Then we noticed a bunch of Bitcoin was also missing. And then Litecoin also.

Thief’s Bitcoin address: 14Kt9i5MdQCKvjX6HS2hEevVgbPhK13SKD

Thief’s Ethereum address: 0xC26B321d50910f2f990EF92A8Effd8EC38aDE8f5

Thief’s Litecoin address: LL9jqgXVqxUbWbWVaJocBcF9Vm8uS3NaTd

And very quickly reality hits you, and that’s what remembering feels like. The terrible sinking feeling sets in immediately, once again. What the fuck happened?

Keys that were not even on publicly known servers had been compromised, somehow. We shut the system down, including our live production site, while we investigated. We didn’t lose as much as in the hack a month prior, because we’d been keeping wallets somewhat conservative, but it was still quite a bit. We couldn’t believe it. How could brand new keys, generated with brand new infrastructure, be compromised?

After several hours of fruitless investigation, we decide that one of the most likely explanations is that the cloud company itself was compromised. This has happened before in Bitcoinland. We thought CloudCo was reputable, but who knows? Clouds are very convenient and scalable, but on some level you’re trusting that company with your infrastructure. We decided we had to keep the site down for at least 24 hours, and bust our asses to prepare, yet again, an entirely new infrastructure on an entirely new set of servers.

What was almost as bad as the money lost was not knowing how it happened. Logs were not done as well as they should have been, so they proved fruitless. Indeed, they had been wiped.

Despite that, we watched the blockchains for the hacked funds. We tracked some to an exchange account. We got profile information of the depositor.

Name: Rovion Vavilov

Email: [email protected]

Address: Chayanova St. 15, Moscow

DOB: Feb 2, 2024

Phone: 7 9625148445

That profile information was probably fake, but I emailed him that night.

From: Erik Voorhees [email protected]

To: [email protected]

Subject: ShapeShift Hack…

Pro Tip: Black hats like to be recognized for their skill, regardless of how wicked their actions may be. Talk to them calmly, as adults. They may reveal information, or help in some way. It’s weird, but it happens. In any case, I didn’t expect anything to come of my email.

The rest of that night, and into the next day (Friday, the 8th), the team worked feverishly to clean everything on new infrastructure, once again, in a wholly clean environment on a wholly separate host.

Now to many, ShapeShift appears to be a simple web service. It’s taken a lot of work by our engineers to keep up that appearance. Behind the scenes, the platform is complex. Over 1,400 direct asset trading pairs, integrations with half a dozen exchange API’s requiring real-time price information on all offered cryptocurrencies, low-latency service API’s to several dozen partners, the monitoring and calculation of constantly changing exchange rates and order book depth in some of the most volatile markets on Earth, and integration of what can only be described as alpha-level software in various states of disarray (coin daemons…bleh).

And in Bitcoinland, indeed, there is no guide book.

Admittedly, as a non-engineer myself, I can only occasionally glimpse the elegance of what we’re building. I wish I could take credit. To our team reading this, you have engineered an amazing machine and should be very proud of it.

And now here is where the story deepens.

Around mid-day on Friday, the hacker responds to my email (remember I had asked him how he did it…)

From: [email protected] (noted new domain)

To: Erik Voorhees [email protected]

Subject: ShapeShift Hack…

That was the entirety of that first email, but we were stunned. For a moment, we thought, “Is Bob the hacker?” Quickly, that notion gave way to the more likely answer: that Bob sold or gave away our information to a hacker, who then exploited it.

Bob betrayed us. He betrayed his privileged position, profiting directly from the destruction of those who trusted him. He stole, lied, ran away, and then after being afforded a period of time long enough to reflect upon his actions, decided to betray us again for a few more scraps in his pathetic bowl. Hackers gonna hack, but it takes a certain sort of twisted to rise to a trusted position, work face to face with a team, receive a salary and confidence from that team, and then screw them all for barely enough money to buy a Tesla. Oh yeah, and then abandon a dog to starve alone, likely soon to be put down by animal services.

Watch out for these people in your lives. If you suspect them, sever ties quickly.

Anyway, after strong efforts, we had everything ready by Friday night, 24 hrs later. We launched the site on yet a new provider, who we’ll call HostCo. Despite a couple glitchy bugs, the system was running. We had told the public about the hack and decided to release more details once we examined the compromised environment in more detail later.

Exchange orders started up immediately. We breathed a sigh of relief. I fell asleep around 1am and slept peacefully, exhausted from the ordeal and very proud of the team.

Then it was Saturday 9am, and I start rising from slumber. My phone rings. It was Greg.

“We were hacked again. Bitcoin and Ethereum taken from the HostCo hot wallets.”

I’m silent on the phone. I’m thinking only, “Is this the fucking apocalypse?!?”

It didn’t seem possible. The hack two days prior didn’t seem possible, and this now was just wildly confusing and depressing. I tell Greg to take the site down again and I’ll call him back in 30 minutes. How the hell are we going to explain this to the community, to our customers… to our investors? How do we even explain it to ourselves?

I get out of bed, not panicked, but just feeling totally defeated. I take the worst shower of my life. Anger surrounds me… we knew Bob was involved from the hacker’s email, and we knew Bob committed a Class 3 felony against us, which the authorities knew about three weeks ago, and our private investigator had provided all the information needed for a conviction. And now this happens.

As I gather my thoughts, I decide it’s time to call in some professional resources.

Michael Perklin, Head of Security and Investigative Services at Ledger Labs, and director of the Steering Committee for the Board of CCSS, is first on my list. He’s in Toronto, and agrees to fly out to meet us that evening. He was on his way to the hospital; he had a toe broken in an accident he’d prefer not to discuss. He changes course and heads to the airport. What a champion.

I also chat further with heads of several leading exchanges. None of them like thieves, and all are eager to help. Despite its hectic pace and diversity of opinions and interests, this industry comes together when it needs to.

1500 ETH recovered, and exchanges are hunting for more. The thief is probably annoyed by this… it sucks to be stolen from, after all.

Fireside Chats with the Thief

In parallel to all that, I hear again from the thief via email. I had responded to his “One word: Bob” message by asking if he would provide more info. He mentions that for a price, he may.

“hi” he says.

I arrange to pay him 2 BTC for information.

“I need to know what your connection to bob is” I ask. I tried to avoid pre-empting details.

He replies, “I got information that Bob “hacked” you while I was trying to hack you too. I had some access before Bob hacked you but not enough to get the coins myself.”

“What do you know about Bob hacking us?” I ask

“Inside job. 315 BTC.” he replies. “I talked to Bob after he took the coins, asked him about how I could hack it too. He gave me more information about the infrastructure and some keys.”

I ask, “Why would he give you information and what did he give you?”

Rovion responds, “Because I offered BTC. IP addresses, server roles, users, a working SSH key. Does not work anymore.”

We chat further, and he reveals Bob’s email that he communicated with: [email protected].

While I had not seen that email before, it seemed familiar. I thought for a while, and then realized that Bob often substituted 0’s for o’s, including on one of the two keys which he had deleted from the server (the specific key was named something which, if displayed, would give away Bob’s real name). That, and the fact that one of Bob’s known password variations was “m0m0ney.” Our security guy used l33tspeak for his passwords. Very secure.

As clear as it had been that Bob had stolen our funds a few weeks prior, it was now clear that this hacker, Rovion, was giving us information related to Bob that only Bob or those with whom he had actually interacted would know.

Another thought, could this hacker have actually framed Bob from the beginning? Sure, perhaps, but every action of Bob’s back on March 14th points away from that explanation, specifically Bob deleting his own keys right under our noses and then leaving the office, never to return. Other evidence not listed here further counters that theory.

Back to the chat with Rovion… I ask which “working SSH key” he had obtained. “None of your business,” he responds, “but he told me he got it from a coworker’s open laptop.”

Wow. If true, that means Bob, while working at ShapeShift, accessed a coworker’s computer and copied a key (or more?), at some point before he stole the funds. Did he premeditate the whole thing, I wonder?

I try to get more information, but Rovion is unforthcoming. His last message…

By the early evening, our forensic investigator, Michael Perklin, had arrived. I picked him up from the airport. We had decided to hold off on poking around in our servers until he was there. While the hacker gave a vague sense of how he came upon secret information, we didn’t really know the specifics of the breach. Keys had been changed after Bob’s departure, and while we found one key we hadn’t remembered to change, it only had access to a server that could not have stolen the funds on the prior Thursday. And again, it wouldn’t at all explain how the Saturday morning theft occurred. Both CloudCo and HostCo had funds stolen off them, despite them being built as entirely new environments with wholly new keys.

Michael asked me to relay to him the whole story of the past month. He proceeded through his investigative protocol, which included the assumption that nobody at the company was trustworthy. It was hard to argue that the team was trustworthy, given the fact that this all started with a rogue employee. It was a dark feeling.

Many interesting details could be added here about how such forensic work is done, but space is limited and it’s probably unwise to reveal every such method. After a while, we dug into the logs themselves, approaching the Saturday logs first. They were deleted, most of them. How were they deleted? We weren’t sure.

We know now how to prevent that… indeed, the experience we’ve gained throughout this ordeal has been immensely valuable. Though it sounds cliché, if your startup is involved in securing information or servers whatsoever, do yourself a favor and bring in 3rd party professional help very early. We hadn’t needed it at first, because we were small. But growth sneaks up on you, and before you know it you are securing significant assets with sub-standard methods.

While much of the logs were gone, we in fact recovered a good portion of them off the “empty” disk space itself using forensic techniques. This was just lucky. Perhaps the Ghost of Satoshi was looking out for us (could have used his help a week ago, of course!)

From the recovered data, we discovered the malware, if that’s the right term. There was a program, written in Go, installed on a critical server which communicated with coins. This program had its dates changed to appear consistent with the setup of the server, and its filename made to look innocuous. But it was the actual mechanism by which funds were stolen.

udevd-bridge it was called.

We were glad to find it (and yes, the same thing appeared in both server environments, CloudCo and HostCo). However, it still didn’t explain how it was put there. We had a lot of information, but not the whole story.

And we wouldn’t have the whole story for a couple more days. But then the stars aligned.

Out of the blue, the hacker, Rovion, emails me again on Wednesday, April 13th.
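A triage heuristic for the timestamp manipulation described above, added here and not part of ShapeShift’s investigation: on Linux, rewriting a file’s mtime with utime() or touch leaves ctime at the moment of the change, and ctime cannot be set from user space, so an executable whose mtime sits weeks before its ctime deserves a look. The directory tree, the reused file name and the fake ELF header are constructed; files copied with timestamps preserved (cp -p, package installs) trip the same check, so treat the output as a ranking, not a verdict.

```python
"""Triage heuristic for backdated ("timestomped") files on a Linux host.

Constructed example, not ShapeShift's code. Setting mtime with touch or utime()
bumps ctime to "now"; a large ctime - mtime gap therefore means the file was
either copied with timestamps preserved or had its mtime rewritten afterwards.
"""
import os
import tempfile
import time
from pathlib import Path

ELF_MAGIC = b"\x7fELF"


def is_elf(path):
    """True if the file starts with the ELF magic bytes."""
    try:
        with open(path, "rb") as f:
            return f.read(4) == ELF_MAGIC
    except OSError:
        return False


def scan_backdated(root, min_gap_seconds=7 * 86400):
    """Return files under root whose mtime precedes ctime by more than the gap.

    Each hit is (relative_path, gap_seconds, is_executable_elf). Executable
    binaries are ranked first, then larger gaps, because a planted tool dressed
    up to match the server's install date looks exactly like that.
    """
    hits = []
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            p = Path(dirpath) / name
            try:
                st = p.lstat()  # lstat: do not follow symlinks into other trees
            except OSError:
                continue
            gap = st.st_ctime - st.st_mtime
            if gap > min_gap_seconds:
                executable = bool(st.st_mode & 0o111) and is_elf(p)
                hits.append((str(p.relative_to(root)), int(gap), executable))
    hits.sort(key=lambda h: (not h[2], -h[1]))
    return hits


def demo():
    """Build a throwaway tree with one backdated binary and scan it (constructed)."""
    root = Path(tempfile.mkdtemp(prefix="stomp-"))
    (root / "notes.txt").write_text("ordinary file, fresh timestamps\n")
    planted = root / "udevd-bridge"  # name reused from the story; contents are fake
    planted.write_bytes(ELF_MAGIC + b"\x02\x01\x01" + b"\0" * 9 + b"not a real binary")
    planted.chmod(0o755)
    thirty_days_ago = time.time() - 30 * 86400
    os.utime(planted, (thirty_days_ago, thirty_days_ago))  # atime/mtime backdated, ctime stays now
    return scan_backdated(root)


if __name__ == "__main__":
    for rel, gap, exe in demo():
        print(f"{rel}: mtime {gap // 86400} days before ctime, executable ELF={exe}")
```

On a real host, run it over the directories that hold service binaries and compare each hit against the package manager’s manifest before drawing conclusions.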

From: Rovion Vavilov [email protected]

To: Erik Voorhees [email protected]

Subject: Re: ShapeShift

Yes, it appears the hacker has gotten annoyed that his Ethereum kept getting frozen at exchanges. So he comes back to the store he robbed, and asks us if we’ll trade for a more liquid asset. We’d be basically buying back our own Ethereum, and paying him Bitcoin.

Obviously worth it, if we can gain more information. Since neither of us trusts the other, we establish a protocol:

1) We pay 2 BTC to get the conversation started

2) Rovion gives us half the relevant information

3) We exchange, in increments of 250, 2000 ETH for BTC at 0.02 BTC/ETH rate

4) Rovion gives us the second half of the relevant information

5) We exchange, in the same increments, the remaining 2500 ETH for BTC at the same rate

6) We cease communication (this last one was Rovion’s suggestion)

He asks us to send the BTC to his already known BTC address: 14Kt9i5MdQCKvjX6HS2hEevVgbPhK13SKD

After the initial 2 BTC payment, Rovion begins with a description of the April 7th hack:

“What’s the fingerprint of the SSH key mentioned above?” I ask

“9c:3f:4b:ad:d6:43:ec:9a:55:de:b9:0b:d8:f5:0a:cb”

We see that it’s Greg’s key, newly created for the CloudCo environment. It was not even in existence until more than a week after Bob had stolen the funds in March and disappeared. How on Earth did this hacker get a new key, post Bob?

I also ask about the “[redacted]” mentioned but Rovion says that is part of the second batch of information. We proceed with the incremental exchange of the second batch of funds.

Then Rovion says,

Wow, now it’s starting to come together, each hint peeling back a layer of Bob’s treachery. Bob had installed an RDP (remote desktop protocol – basically a screen viewer or controller) on Greg’s computer. And perhaps on others, we must assume.

Then Rovion shares via pastebin an email from Bob (the information he purchased):

(specific IP’s redacted by us)

And there it is. Bob sold information on the production servers, access to ShapeShift’s internal network, part of ShapeShift’s source code, and access to an RDP client he had installed on a co-worker’s computer, to Rovion, for 50 Bitcoin. The IP and internal router information checked out.

This explained almost everything. With access to Greg’s computer (and perhaps others), via RDP, the new server environments could be witnessed and the new SSH keys could be used. It wasn’t the cloud service provider’s fault, it was our own.

We had changed almost everything, but hadn’t scrapped our personal computers used while Bob had been part of the team. Would that have been the paranoid thing to do? Yes. Would it have been the right thing to do?

Clearly.

And one of the last things Rovion said before we ended the discussion,

Cleaning Up a Mess

We imagine this information will assist in demonstrating criminal intent on the part of Bob. This was not a spur-of-the-moment taking, but an orchestrated treachery. I’ve lost count of the number of felonies involved at this point.

We also know that while the story from Rovion checks out, it may well not be the full story. We have to assume other details are relevant to the case, and to our infrastructure. This is why ShapeShift has been offline for longer than any of us would have liked. We are being very careful, and very paranoid.

Nonetheless, I have been immensely proud of my team. Working in a startup, in the Bitcoin industry, is demanding enough, and then to deal with a series of layered betrayals like this and all the damage (financially, technically, psychologically) it causes… that is hard. You guys have done an amazing job and I am immensely encouraged seeing the team’s unity and fortitude.

It didn’t help that we had just brought on four new employees in the very week of the two incidents (nearly doubling our development staff). They were thrown into the fray without mercy, and they’ve been incredible.

#ShapeShiftUserNotAffected

To survive in Bitcoin, one has to be an optimist. While the betrayal and loss and clean up effort has been severely taxing, there are some silver linings.

First, no person or organization is perfect. We learned some of our own vulnerabilities, and our own mistakes. We are fixing them, and improving upon them wherever possible. Such improvement doesn’t come cheap, but the ShapeShift of today is made better than the ShapeShift of yesterday. The steel is tempered, the machine refined. Though no single organization can ultimately achieve it, we try to approach anti-fragility, and build it as an ideal in our work.

Second, no customer lost money throughout multiple hacks orchestrated even by an insider. Through decentralization, through code, through innovation, through structure… customer protection by design is one of this industry’s most important contributions to society – something that a century of legacy banking has failed to achieve, as noted by Satoshi’s infamous line in the Genesis Block.

ShapeShift will continually work to improve upon this platform of customer protection. Many others in this community are doing the same along different avenues. Thank you for the tools you are building, and the work you have done. And indeed, there is still much to do.

To our customers, I would like to personally apologize for our downtime. While we can ensure your funds are not at risk, I know many rely on our service, and it has been unavailable. Redundancy, even in the face of disaster, will be one of our primary development goals going forward.

Further, thank you sincerely to those in the community who reached out and offered all manner of support, and to our investors who were immensely kind and understanding.

And finally, as with all intense episodes one endures, we must appreciate the gift and opportunity for growth, for experience, and for one of life’s most precious luxuries, reflection.

Never a dull day in Bitcoinland.

-Erik Voorhees

CEO ShapeShift.io

And to Bob… Note that your real name and identifying information were not divulged. Consider that a final, gracious courtesy.

Images courtesy of ShapeShift.