ALLCRYPT

DESCRIPTION OF EVENTS

“On March 18, 2015, AllCrypt, a small crypto currency exchange posted what may very well be one of their last posts on their blog. The Bitcoin exchange had been hacked, resulting in stolen crypto currency.” “42 BTC stolen by the hackers” “The stolen Bitcoins might not seem that much, but for a smaller alternative crypto currency exchange even such an amount is not small.” “Around 8PM on Sunday (all times EDT) our marketing director’s blog account requested a password reset. […] The MD saw this email come in, and forwarded it to myself, and another team member (a technical lead/temporary assistant support staff), letting us know what happened and that he did not request the password reset. I did not see the email at the time, as I was out, and it was not a huge red flag that would require a phone call. Once I returned home later, I saw the email, and logged into the server to double-check on things. That’s when I discovered the breach.” “The blog post goes on to describe how the attacker managed to upload PHP files to the WordPress site, install Adminer (a web based database management utility similar to PHPMyAdmin) and then create fake crypto currency balances in the system. From there, using a fake account, the attacker could then trade crypto currency and transfer earnings to a Bitcoin wallet owned and controlled by the attacker.” “The owner, who appears to be anonymous according to WHOIS information, claims that the site cost him a total of $15,000, and further that they only netted roughly 10 BTC in profits after thirteen months of operation.” “Between hardware and operating costs, I am personally down over $15,000. Believe me – I feel your pain as well. No one on the site had as much on the servers as I personally did. Not that I expect pity or compassion, but I think it’s important to know that I’m not retiring to a private island because of this. I also think it’s important to be as open as possible to assuage any fears of an inside job.” In response to a customer after the hack - “I see you running an exchange successfully, I’ll take your advice. Wait, you don’t run an exchange? You’re unemployed? Thanks for the input.” “Ironically AllCrypt tweeted “Too small and insignificant to be a target of the hacks this week. Your coins are safe here because no one cares to hack us” on 2/16/2015 (twitter: All_Crypt/status/567551838719705091)”

Explore This Case Further On Our Wiki

It’s always fascinating to hear about an essentially anonymous exchange operator who secured the exchange only with Wordpress, taunted hackers on Twitter, and then was rude to customers after the fact. Luckily, this exchange didn’t achieve any significant volume, which is not surprising. Had they invested in a simple multi-sig cold storage wallet, all could have been avoided.

Lessons to Learn from the AllCrypt Hack | Acunetix (Mar 2)
BTC-e Exchange Adds Dash And Ethereum Bitcoin Trading Pairs (Mar 2)
Exchange Closure and Settlement - Google Docs (Mar 2)
AllCrypt.com hack resolution. Hacked, stopped, repaired, back up (in 3 days), coins recovered (in 5 days). : CryptoMarkets (Mar 2)

More case studies

BTER Bitcoin
Heist

Coinapult Hot
Wallet Hack