It is nothing new that bitcoin startups are attractive targets for cyber-criminals. Due to the pseudo-anonymous nature of bitcoin, it is easier to get away with the cyber theft of the digital currency than it is when stealing fiat currency as no bank accounts need to be used to transfer the illicit funds. In fact, since the birth of Bitcoin in 2008, a third of all bitcoin exchanges have been hacked.
However, cyber-criminals are not only focusing their efforts on bitcoin exchanges and online wallets. Hackers have stepped up their game to accessing mobile phones of leading figures in the bitcoin space to gain access to their companies, or their cryptocurrency, holdings as the recent hack of KeepKey CEO Darin Stanchfield’s mobile phone illustrates.
The Christmas Day KeepKey Hack
On December 25, 2016, an unknown hacker was able to gain access to Stanchfield’s Verizon email account with which he then activated a new phone number to help him gain access to a range of Stanchfield’s accounts. Within a few minutes, the hacker was able to get access to KeepKey’s Twitter account and several of KeepKey’s business services accounts including its marketing software and sales distribution channel accounts.
The hacker went on to contact KeepKey’s staff to demand a ransom payment of 30 BTC (around $30,000 at the time of the hack) in exchange for the stolen data. KeepKey’s staff, however, did not give in to the hacker’s demands and were instead able to regain control of all of their accounts, except for it’s Twitter profile.
KeepKey went on to offer a 30 BTC reward to anyone who can provide clues that would lead to the hacker’s arrest and filed the incident with the FBI’s Cyber Division on December 26.
KeepKey also issued a statement ensuring its customers that the attacker was not able to access any of customer’s bitcoin wallets. As KeepKey produces hardware wallets, it would have been impossible for the attackers to gain access to customer funds. It is unclear, however, whether the hacker was able to steal customer data such as names, home addresses, email addresses and phone numbers.
In case such a data theft did occur, the company has decided to offer customers who have had their data stored in any of the affected systems a 30-day refund of their hardware wallets.
More Recent Hacks of Leading Bitcoin Figures
The hack of KeepKey CEO Stanchfield’s accounts was not the first mobile phone hack of a leading figure in the Bitcoin industry. Other high-profile cyber attacks include the hacking of the founder of cryptocurrency venture capital firm Fenbushi Capital, Bo Shen, who had around $300,000 worth of cryptocurrency stolen in early December. Furthermore, two weeks later the same hacker was able to gain access to the mobile phone of a leading Ethereum Project admin and was able to reset passwords to get access to a range of accounts and data, including a copy of the Ethereum database backup.
With the recent sharp rally of bitcoin, cyber security has become a crucial issue for bitcoin wallet providers and exchanges, as well as high-profile individuals in the bitcoin community.