Erik Voorhees, CEO of ShapeShift, said in an email that last week’s security hack was completed with inside help.
“Since the investigation into the ShapeShift hack last week started, we had suspicion that someone previously on the team was involved, and that this person assisted an outside hacker,” said Voorhees. “We are confident now that is is indeed the case.”
Last week ShapeShift went offline following the security breach. Voorhees explained in a Reddit post plans to completely rebuild their infrastructure. Though no customer funds were taken, ShapeShift did lose some of their own hot wallet inventory funds.
The Swedish-based digital currency exchange is working with a forensic specialist from LedgerLabs. Several criminal investigations and a civil suit are ongoing. Voorhees stressed that customer funds were never at risk, and refunds for prior pending orders are being resolved.
“Our team continues to revise and rebuild infrastructure, hardening not only prior vulnerabilities, but future potential attack vectors. It has been inspiring to see anti-fragility in action as ShapeShift gets stronger,” said Voorhees.
A more detailed post-mortem will be released following completion of forensic work. People are encouraged to connect with ShapeShift on its various social media channels and to join its public Slack.
Images courtesy of ShapeShift