Press J to jump to the feed. Press question mark to learn the rest of the keyboard shortcuts
52

ShapeShift Update - April 7 Security Breach

52
Posted by3 years ago
Archived

ShapeShift Update - April 7 Security Breach

Hello everyone,

We wanted to provide a quick update on our status.

Yesterday afternoon, we noticed several pieces of evidence indicating our server infrastructure was compromised and threatened. We made the decision to scrap that infrastructure, and rebuild in a wholly new and safe environment. This is what we are currently engaged in. While we hate having the service offline, it was the safer path.

By design, ShapeShift doesn't hold customer balances, so even in the case of a security breach, there is no customer money at risk. However, a portion of our own hot wallet inventory funds were taken, but nothing that will interfere with operations once our new environment is online. This is also by design.

We've built customer protection into our platform – hacks may be inevitable, but customer losses should not be. Not a cent of customer funds was lost, nor could they have been.

For those few customers who had a pending order processing with us when we went offline, we'll get those funds returned to you within 24 hours. Customer support link is below.

Existing in Bitcoinland is a pioneering struggle against many threats and challenges. We'll use the opportunity to build even bigger, better, and more resilient infrastructure. We've been inspired by the immense growth ShapeShift has seen over the past several months, and will get this beast back online ASAP.

Kind regards,

-Erik Voorhees

CEO ShapeShift.io

Direct link to customer support while site is down: https://shapeshift.zendesk.com/hc/en-us

61 comments
98% Upvoted
This thread is archived
New comments cannot be posted and votes cannot be cast
Sort by
level 1
30 points · 3 years ago

Sorry to hear about your hot wallet. It's actually quite sad to hear that folks with the know-how to hack are using their talents for petty crimes instead of building out this space.

level 2
12 points · 3 years ago

We couldn't agree more. Thanks so much for your concern! We will make sure to update you as things unfold.

level 2
10 points · 3 years ago

The way I see it, is it's better to get these problems solved sooner than later. ShapeShift is great at limiting customer risk, so this "hack" will in effect make their platform more resilient and reliable in the future. Continue the great work!!!

level 2
4 points · 3 years ago

It is sad. But I believe they know which is more lucrative. I don't know if this reality will ever change in the world of crypto

level 1
23 points · 3 years ago

It's very reassuring that you're open and honest about it, inspires trust.

level 2
6 points · 3 years ago

^ very much this, it would also be great to see some sort of post-hack analysis once the fires are out.

level 2
6 points · 3 years ago

/u/evoorhees will be as famous as J.P. Morgan some day, but all for good reasons.

level 2
1 point · 3 years ago

then how much did they lose?

isn't it just normal to announce when u get hacked? lol.

level 1
17 points · 3 years ago

Will you write up an after-action report? Several other developers, including myself, would love to know what went wrong so we can make sure our own businesses are more secure against similar attacks.

level 2
Original Poster12 points · 3 years ago

We are considering that, will decide later.

level 2
2 points · 3 years ago

A HUGE chunk of the cryptocurrency industry's security knowledge has been documented and organized in the CryptoCurrency Security Standard (CCSS). Regardless of what went wrong at one company, the CCSS will explain how to protect against things that went wrong at many companies.

level 1
5 points · 3 years ago

Thank you for being so honest. Appreciate it. Its good that your built the platform that doesn't keep customer funds.

level 1
5 points · 3 years ago

Good luck and good eye.

level 1
4 points · 3 years ago

I'm surprised that SS still doesn't have any competition. The market for crypto<->crypto is big and it's gonna be 100x bigger than today.

level 2
3 points · 3 years ago

thats not true! metaexchange.info and blocktrades.us

they don't have as wide a variety of currencies yet, but with your support they will.

level 1
Comment deleted by user3 years ago
level 2
1 point · 3 years ago

👍 thank you!

level 1
4 points · 3 years ago

I am sure you guys will recover from this.

The fact you are transparent about this, only shows you will.

level 1
3 points · 3 years ago

current ETH price drop could be related to this. Stolen ETH is probably being dumped

level 1
3 points · 3 years ago

We're live! ShapeShift is back up and running. Thank you all for your patience and understanding. Please note: old deposit addresses will not work at this time. We only have BTC/ETH for now, additional coins over the coming weeks. Thanks for your continued patience. Please stay tuned to updates!

level 2
1 point · 3 years ago

back down again?

More posts from the shapeshiftio community
Continue browsing in r/shapeshiftio
Experience a completely new ShapeShift. Trade crypto without commissions, spread or fees at ShapeShift.com ------------------------------------------------ Official subreddit the ShapeShift Platform — the most secure and user-friendly crypto platform in the industry. Buy, sell, send, receive, trade, track, and hodl most major cryptos in a non-custodial way.
2.9k

Members

12

Online


Created Nov 9, 2014