Canadian Bitcoins Social Engineering Theft: Difference between revisions
Latest revision as of 16:28, 14 November 2024
Canadian Bitcoins offers a cryptocurrency brokerage service based in Ottawa, Canada. Their wallet was hosted in a prestigious Rogers data center with an impressive array of security. However, one staff member there was fully accommodating to a James Grant impersonator, and granted him full access to the server, where he proceeded to steal the full $100k balance of the company hot wallet.
[1][2][3][4][5][6][7][8][9][10][11][12]
About Canadian Bitcoins
"Canadian Bitcoins is a cryptocurrency brokerage allowing customers to buy or sell bitcoins, litecoins and other cryptocurrencies."
"Fill out the BUY form on the Buy/Sell page. Specifying the amount of $CAD you wish to spend on Bitcoins/Crypto, and your wallet address that you want to receive the purchased crypto at. Choose your payment method, and follow the instructions that are emailed to you. When we receive the payment, we will deposit the Bitcoins/crypto to the provided wallet address." "Please note orders must still be approved manually on our side before any coins are sent, typically Mon-Fri 9-5."
"We can currently only service Canadians, living in Canada."
"Canadian Bitcoins’ servers were being run by a company called Rogers Data Centre (who were technically in the process of taking the data centre over from its previous operator, Granite Networks)." "Rogers bought Granite Networks for $6.25 million in late September." "The 28,000-square-foot centre, located on Hazeldean Road in Bells Corners, was built to some of the highest security standards in the industry."
"Canadian Bitcoins only keeps a small amount of the currency in its active online wallet to allow for small trades and transfers. The vast majority of customers’ bitcoins are securely stored in an inactive wallet which is locked in a safety deposit box. To access those reserves, customers must leave notice."
The Reality
Sometimes all that protects assets is just security theater.
What Happened
"A hacker was allegedly able to steal 149 bitcoin, or around $100,000 at the time, from Canadian Bitcoins by messaging Rogers Data Centre and just asking for access to the servers."
| Date | Event | Description |
|---|---|---|
| October 1st, 2013 | Server Access Granted | The date of the incident where the Rogers Data Centre server was accessed by the imposter[10]. |
| March 18th, 2014 | Public Statement Released | Canadian Bitcoins releases a public statement on the incident in response to questions raised by the Ottawa Citizen[10]. |
Technical Details
"With nothing more than a chat session and smooth talk, a crafty cybercriminal convinced an attendee at Rogers Data Centre to reboot the Canadian Bitcoins server in fail safe mode, bypassing all security measures."
"The Bitcoin thief started a customer service chat session with Granite Networks, the company hosting Canadian Bitcoins’ server, and claimed to have a problem with it." "The hacker pretended to be Canadian Bitcoins CEO James Grant over instant message – just by saying “I am James Grant”, there wasn’t any fancy trickery going on – and was given access."
"According to a text copy of the chat session obtained by the Citizen, at no point during the nearly two-hour-long conversation was the caller asked to verify his identity. After being asked, the technical support worker gained access to Grant’s locked server pen, plugged in a laptop and then manually gave the fraudster access to Canadian Bitcoins servers, where he cleaned out a wallet containing 149.94 bitcoins, valued at around $100,000."
Total Amount Lost
The total amount lost has been estimated at 149.94 bitcoins, worth approximately $100,000 USD.
Immediate Reactions
“It’s ridiculous,” said the real James Grant when asked about the incident. “There was absolutely zero verification of who it actually was.” "The server was rebooted in safe mode, which bypassed the all-important security measures that would normally keep it safe."
Ultimate Outcome
"After the intrusion, Grant said he noticed the server had been rebooted several times, but couldn’t access it from the company’s offices. The company’s servers are configured so they are only accessible from Canadian Bitcoins’ head office in Nepean."
"In order to check the servers himself, he needed to call two hours in advance to alert Rogers officials about his visit. He then needed a key card to enter the building, enter the lobby, activate the retinal scanner, pass through two more sets of locked doors and then he had to provide a numeric code to unlock the padlocked gate on the cage of his servers."
"The Ottawa police are investigating an Oct. 1, 2013, incident at Canadian Bitcoins, when someone opened an online chat session with a technical support worker at Granite Networks, now owned by Rogers Communications, and claimed to be Canadian Bitcoins owner James Grant."
"Grant said the damage could have been far worse. But Canadian Bitcoins only keeps a small amount of the currency in its active online wallet to allow for small trades and transfers."
“The situation surrounding this customer is unique to this customer, and does not apply to any other customer of Rogers Data Centres. Rogers has been fully co-operative with authorities in the investigation,” according to a statement from the company. “Rogers Data Centres provides the highest level of security in the Canadian data centre industry. Its security protocol is operationally certified and in accordance with industry best practices. We have reviewed our security processes and continue to work with our customers to make sure they take advantage of all of our security features.”
"Canadian Bitcoins covered the $100,000 loss out of their own pocket, Grant said, and moved to get their computer equipment out of the facility."
"Rogers said it has offered Canadian Bitcoins a “credit” as a result of the situation. Grant said the credit was nowhere near sufficient to cover the company’s loss and as a result his firm is contemplating legal action."
Total Amount Recovered
There do not appear to have been any funds recovered in this case.
General Prevention Policies
The problem came about due to a lack of verification before access was granted to key server infrastructure. It could also have been mitigated by requiring transactions to pass through a multi-sig arrangement involving a separate system. These funds were in the Canadian Bitcoins hot wallet and stored online. As with all hot wallets, the loss of the entire balance should be planned for. No customer funds were lost, as the balance was all platform funds. (Canadian Bitcoins does not custody customer funds.)
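One way to express the missing verification step as a policy check, added here as an example and not taken from the case study or from any Rogers or Canadian Bitcoins procedure. The action names, evidence kinds and the two-check threshold for high-risk actions are assumptions chosen for illustration, and the sample requests are constructed.

```python
from dataclasses import dataclass

# Assumed risk tiers for remote-hands actions (hypothetical names).
HIGH_RISK_ACTIONS = {"reboot_recovery_mode", "console_access", "open_cage"}

# Evidence kinds this policy accepts as verification. A name typed by the
# requester ("claimed_name") is deliberately absent: it is only an assertion.
ACCEPTED_EVIDENCE = {"callback_to_contact_on_file", "portal_mfa_approval",
                     "pre_filed_change_ticket"}


@dataclass(frozen=True)
class Evidence:
    kind: str      # what was checked
    channel: str   # channel it was checked on: "chat", "phone", "portal"


@dataclass(frozen=True)
class Request:
    customer: str
    action: str
    channel: str           # channel the request arrived on
    evidence: tuple = ()


def evaluate(req: Request):
    """Return (allowed, reasons) for a remote-hands request."""
    reasons = []
    counted = set()
    for ev in req.evidence:
        if ev.kind not in ACCEPTED_EVIDENCE:
            reasons.append(f"{ev.kind}: self-asserted, not verification")
        elif ev.channel == req.channel:
            # Anything supplied inside the requesting session is controlled
            # by whoever opened that session, so it is not out-of-band.
            reasons.append(f"{ev.kind}: same channel as request, not out-of-band")
        else:
            counted.add(ev.kind)
    needed = 2 if req.action in HIGH_RISK_ACTIONS else 1
    if len(counted) < needed:
        reasons.append(f"{req.action}: {len(counted)} of {needed} independent checks")
        return False, reasons
    return True, reasons


# Constructed requests; the first mirrors the chat session in this case study.
INCIDENT = Request("Canadian Bitcoins", "reboot_recovery_mode", "chat",
                   (Evidence("claimed_name", "chat"),))
SAME_CHANNEL = Request("Canadian Bitcoins", "console_access", "chat",
                       (Evidence("pre_filed_change_ticket", "chat"),
                        Evidence("callback_to_contact_on_file", "phone")))
VERIFIED = Request("Canadian Bitcoins", "reboot_recovery_mode", "chat",
                   (Evidence("callback_to_contact_on_file", "phone"),
                    Evidence("portal_mfa_approval", "portal")))

if __name__ == "__main__":
    for name, req in [("incident", INCIDENT), ("same-channel", SAME_CHANNEL),
                      ("verified", VERIFIED)]:
        allowed, reasons = evaluate(req)
        print(name, "ALLOW" if allowed else "DENY", reasons)
```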
Individual Prevention Policies
No specific policies for individual prevention have yet been identified in this case.
Platform Prevention Policies
Policies for platforms to take to prevent this situation have not yet been selected in this case.
Regulatory Prevention Policies
No specific regulatory policies have yet been identified in this case.
References
1. 100 Crypto Thefts: A Timeline of Hacks, Glitches, Exit Scams, and other Lost Cryptocurrency Incidents (Jan 25, 2020)
2. Bitcoin Scams and Cryptocurrency Hacks List - BitcoinExchangeGuide.com (Mar 5, 2020)
3. The 9 Biggest Screwups in Bitcoin History (Oct 2, 2021)
4. https://www.facebook.com/Canadianbitcoins/videos/445172325995189/ (Nov 13, 2021)
5. Canadian Bitcoins - Headquarter Locations, Competitors, Financials, Employees (Nov 13, 2021)
6. Canadian Bitcoins - 26 Reviews - Bitcoin Exchange - BitTrust.org (Nov 13, 2021)
7. How it Works - Canadian Bitcoins (Nov 13, 2021)
8. Ottawa bitcoin exchange defrauded of $100,000 in cyber currency | Ottawa Citizen (Nov 13, 2021)
9. Ottawa bitcoin exchange defrauded of $100,000 in easiest heist ever | Financial Post (Nov 13, 2021)
10. Statement - Canadian Bitcoins (Accessed Nov 13, 2024)
11. https://www.huffpost.com/archive/ca/entry/canadian-bitcoins-blames-rogers-for-hack-that-cost-100-000_n_4995030
12. https://www.reddit.com/r/canada/comments/2179c3/canadian_bitcoins_blames_rogers_for_hack_that/