This article is part of our complete guide to Bitcoin and altcoin hacks. Here we cover Bitcoin and altcoin security incidents from the year 2015.
In January of 2015 six Bitstamp employees were the target of a carefully planned phishing attack that cost the exchange 19,000 BTC.
This was one of the most clever hacks I’ve seen in crypto. A mix of social engineering and clever tactics led to a major heist.
Like most exchanges, the Slovenian company required KYC verification in order to lift limits for its customers.
During Skype chats with the verification team, the hacker was able to convince a Bitstamp employee to download a Microsoft Office document.
What Bitstamp didn’t know is this document was a carefully coded trojan horse.
When opened, the DOC ran a VB script that downloaded malware from the Internet. The malware ran and started to scrape the internal network for wallet.dat files.
The malware found several wallets and sent them to the hackers.
Fortunately, though, the cold wallets were offline and air gapped, which prevented further damage.
Just one month after the Bitstamp hack, BTER became the target of a different kind of attack.
A total of 7170 BTC were stolen in a rather unusual way: the cold wallets were targeted.
The amount was split mostly into 15 BTC chunks within the same transaction, which is unusual because they could’ve just sent the whole lot at once and pay less per-byte fees. Splitting stolen BTC into smaller chunks is usually done to avoid large transaction monitoring bots like @whale_alert on Twitter.
The exchange offered a bounty of over 700 BTC for the recovery of the BTC.
A year later users still complained that their BTC had not been returned.
Not too long before, BTER had already been victim of another hack, this time against NXT coins.
Chinese 796 lost 1000 BTC in a well crafted attack against its order processing system.
During the transfer of funds, hackers were able to intercept transactions and deviate them from the intended address.
796 CEO, Nelson Yu, promised all account holders that the financial backers would cover the losses and repay all customers.
Shareholders waived their dividends for that year in order to cover for the 1000BTC.
Return to the main article: The complete guide to Bitcoin and altcoin hacks