Hacking, Extortion and Stolen Coins: Unraveling a Major Cryptocurrency Breach
When one of the world’s largest cryptocurrency exchanges was breached in May of this year, few in the industry were surprised. Cryptocurrency exchanges have long been appealing targets for malicious actors looking to steal currency and personal information. But this recent breach, which will potentially impact tens of thousands of cryptocurrency investors around the world, stands out. The series of events that has unfolded in its aftermath serves as a stark reminder that the criminals looking to profit from this industry are both sophisticated and highly motivated.
Let’s take a look at the key facts of the breach to date:
- In May 2019, an unknown group breached accounts of a major cryptocurrency exchange, stealing 7,000 bitcoin and a "large number of user API keys, 2FA codes and potentially other info."
- Shortly following the breach, a self-professed white hat hacker operating under the name Bnatov Platon entered the picture, claiming that an insider allowed hackers access to the client accounts, and that sensitive personal data and know your customer (KYC) information were also compromised. The cryptocurrency exchange alleged that the customer data was obtained from a third-party KYC provider.
- Bnatov Platon claims to have hacked the original perpetrators, and through such efforts obtained access to 60,000 breached customer accounts. He said his intentions in doing so were in the name of justice and to prompt the exchange to publicly share the full extent of the breach.
- In interviews with CoinDesk, Bnatov Platon shared evidence suggesting that the breach was indeed enabled by an insider who provided hackers with API keys. After initially offering to provide the exchange with important information that would help bring the criminals to light, Bnatov Platon changed course. The hacker then demanded approximately $3 million in payment for the information and threatened to leak it if the exchange did not comply.
- Negotiations between the parties quickly broke down, and in early August, Bnatov Platon uploaded photos and information of more than 150 users to an open sharing site. A second leak followed, containing hundreds of images of customers holding their IDs. Much of the leaked information has since been confirmed as belonging to the exchange’s customers.
- The exchange is currently in response mode, providing notification and additional services to its affected customers. Investigations into both the initial breach and the Bnatov Platon leak are ongoing.
This is a fascinating case, and one that will continue to unfold as investigations proceed. Importantly, it demonstrates the technical capability and zeal of the wolves at the door of financial institutions—especially cryptocurrency exchanges. Because many cryptocurrency exchanges are new businesses with evolving technology and little precedent to guide them in strengthening information security, we’ll likely see many more stories like this one emerge. As a whole, the industry must adopt much more rigorous security and governance practices, and advocate for the creation of industry-specific frameworks and standards.
The views expressed herein are those of the author(s) and not necessarily the views of FTI Consulting, its management, its subsidiaries, its affiliates, or its other professionals.