The first news about Bitstamp being attacked by hackers appeared on January 6, 2015, when the company officially confirmed the information.
Actually, the whole story started much earlier, but Bitstamp did not provide any details for quite a long time. The point is that $5 million was stolen, and the case was the focus of media interest for quite a while.
Now, several months later, a leaked report sheds light on how the attack was conducted (the content was afterwards removed from the Scribd website at the request of Bitstamp).
The credibility of the report has been doubted, as Bitstamp hasn't given any official comment yet. Although the report is claimed to be confidential, copies of it have already appeared on numerous mirror sites.
According to the document, the sequence of events in December and January was as follows. Attackers penetrated the company database via the laptop of system administrator Luka Kodrič.
Bitstamp obviously failed to enforce secure login requirements, so Kodrič, like all other employees, didn't need any special credentials to enter the system when plugging a computer in at the company. Although initial entry seems to have been quite easy for the attackers, the further steps did require much work from them.
The company actually had a chance to discover the attack earlier, if Kodrič had paid attention to the notifications sent to his phone saying that he had just logged back in to the company network. That should have made him prick up his ears, as right at that moment he was away on a business trip and couldn't have been using the company network. It's hard to explain now why Kodrič didn't inform the management, but the fact remains.
By the time Bitstamp finally noticed the data movement, more than 18,000 BTC had been stolen. That was quite late to identify a security breach for a company considered to be one of the most popular bitcoin exchanges.
The company conducted an investigation, identified all the computers connected to the network during the attack and pulled a total of 13 terabytes of data from them. Investigators were thus able to trace the history of the attack and found that phishing attacks of this type required some initial knowledge.
Nevertheless, the report underlined that most of the employees attacked didn't have access to the confidential information the hackers needed. Finally, the attackers managed to get in via Luka Kodrič, who had previously received an invitation from some group. This contact with the attackers was enough for them to use his laptop to enter the company network.
Although Bitstamp later reimbursed all the stolen funds, trust is something that is not so easy to refund. The company should definitely reconsider its security system.