Bitcoin: Secret report from cryptosoft hack published

Six employees of Bitcoin’s Bitstamp exchange were spied on in a phishing attack that lasted several weeks and cheated by five million dollars in January 2015. This is the conclusion of a previously unconfirmed report produced within the company.

The confidential document was published by an unknown person with a single-purpose account on Reddit, which was apparently created only for this purpose. This secret document reveals a deep look into the details behind the attack and shows how the 19,000 Bitcoins were lost earlier this year. The company only provided very brief information on the process, which took place behind the scenes.

Bitstamp employees infected with cryptosoft malware

The cryptosoft report contains detailed information about the cause and the course of cryptosoft events. It also shows the risk that Bitcoin stock exchanges, which use social applications, among other things, are running today.

The same is said to have happened with Bitstamp: the hackers used Skype and e-mails to contact the employees. With numerous forged documents they tried to infect the employees with malware. The files sent are said to have been very professional, they say. They were specifically targeted at employees’ personal lives and interests. Exactly this was an expensive fate for the system administrator.

Carelessness of the administrator caused infection
The Bitstamp system was infected when system administrator Luka Kodric opened a file that, he thought, came from an organization spokesman and wanted to recruit him as a member. With the unsuspecting download, however, he quickly installed the hacker’s malware.

The report says:

“As part of the “offer,” an attacker sent numerous documents on December 11. One of these documents, UPE_application_form.doc, contained a VBA script containing a small malicious spaghetti code. Once opened, the script started downloading a malicious program from IP address, compromising our system.”

Spaghetti code in software is source code in a messy and unstructured style that contains confused or partly superfluous control structures.

In the end, the hackers managed to access the two wallet.dat files for Bitstamps Hot Wallets and clean them out with keys that had also been captured.

If one trusts the information, the report consists of findings from the external company Stroz Friedberg for digital forensics, investigators of the US Secret Service, the FBI and British authorities for cybercrime.

Phishing on a large scale
According to the report, the attacks date back to November 4, 2014, when one of the attackers contacted the Bitstamp CTO (Chief Technology Officer) Damian Merlak to offer him free tickets to a punk rock festival.

COO Miha Grcar was contacted in mid-November by a person pretending to be a reporter on Skype. He tried to reinfect Bitstamp with malware, but Grcar refused to accept the document.

Only two days earlier, Bistamp Support boss Anzej Simicak was also about to be infected when the attacker pretended to be someone looking for information for a new project.

In December, the attackers then got down to business and masqueraded: Several Bitstamp employees reported cases of similar attempts to infect employees and servers.

BTC: A currency, money or commodity?

Bitcoins: The significance of the technology is very clear for users. However, when it comes to states, opinions vary widely. We have tried to find out what Bitcoins really are, a commodity, a currency or money. The classification of Bitcoins is particularly important for tax treatment.
Disagreements in the United States

If one examines some institutions, the following picture of the Bitcoin formula ideas emerges:

In the United States there are many different views of Bitcoin formula: Each state sets its own laws and understands Bitcoin from a different perspective. At the same time, everyone wants to maintain control and influence over crypto technology. (We are now consciously talking about crypto technology and not crypto currency, because Bitcoins are not really a currency from the point of view of all states).

FinCEN sees Bitcoins as currency, while the SEC treats them as money. On the other hand, the CFTC regards them as commodities.

Debate on Bitcoins as a commodity

In particular, the CFTC’s proposal to designate it as a commodity caused a great stir in the Bitcoin community and triggered a debate. Treating Bitcoin as such property could have negative consequences for its owners.

The debate was triggered by Aitan Goelman, the CFTC’s executive officer responsible for implementation:

“Even though the excitement about Bitcoins and other digital currencies is very strong at the moment, an innovation does not justify not having to follow the usual laws and rules, as all other participants in the trading market have to do”.

Other U.S. citizens say that states are all trying to gain more control over Bitcoins and digital currencies. Classification is only a means to an end to achieve this. Depending on Bitcoin’s position under the law, governments may be able to intervene in regulation to varying degrees.