We wanted to provide a quick update on our status.
Yesterday afternoon, we noticed several pieces of evidence indicating our server infrastructure was compromised and threatened. We made the decision to scrap that infrastructure, and rebuild in a wholly new and safe environment. This is what we are currently engaged in. While we hate having the service offline, it was the safer path.
By design, ShapeShift doesn't hold customer balances, so even in the case of a security breach, there is no customer money at risk. However, a portion of our own hot wallet inventory funds were taken, but nothing that will interfere with operations once our new environment is online. This is also by design.
We've built customer protection into our platform – hacks may be inevitable, but customer losses should not be. Not a cent of customer funds was lost, nor could they have been.
For those few customers who had a pending order processing with us when we went offline, we'll get those funds returned to you within 24 hours. Customer support link is below.
Existing in Bitcoinland is a pioneering struggle against many threats and challenges. We'll use the opportunity to build even bigger, better, and more resilient infrastructure. We've been inspired by the immense growth ShapeShift has seen over the past several months, and will get this beast back online ASAP.
Direct link to customer support while site is down: https://shapeshift.zendesk.com/hc/en-us
Sorry to hear about your hot wallet. It's actually quite sad to hear that folks with the know-how to hack are using their talents for petty crimes instead of building out this space.
The way I see it, is it's better to get these problems solved sooner than later. ShapeShift is great at limiting customer risk, so this "hack" will in effect make their platform more resilient and reliable in the future. Continue the great work!!!
Will you write up an after-action report? Several other developers, including myself, would love to know what went wrong so we can make sure our own businesses are more secure against similar attacks.
A HUGE chunk of the cryptocurrency industry's security knowledge has been documented and organized in the CryptoCurrency Security Standard (CCSS). Regardless of what went wrong at one company, the CCSS will explain how to protect against things that went wrong at many companies.
We're live! ShapeShift is back up and running. Thank you all for your patience and understanding. Please note: old deposit addresses will not work at this time. We only have BTC/ETH for now, additional coins over the coming weeks. Thanks for your continued patience. Please stay tuned to updates!