Shapeshift.io, the cryptocurrency exchange was recently faced with a security breach, forcing it to temporarily suspend its operations. The security breach on April 7, 2016, had compromised the platform’s server infrastructure which threatened the fate of future transactions on it. In order to fix the system and be sure that nothing is amiss, the company decided to replace the server infrastructure instead of fixing the issues on the existing setup.
In order to completely revamp the platform’s backend infrastructure, Shapeshift services were shut down. At the same time, the company is also conducting an investigation into the events and actors behind the server breach. Eric Voorhees, the founder of Shapeshift has been frequently updating the status of the security fix on the platform’s subreddit page. The latest update on the company’s page suggests that someone who has or was closely involved with Shapeshift in the past may have had a role to play in the security breach.
The latest update follows the company’s ongoing forensic investigation into the security breach seems to have confirmed the company’s earlier suspicion about an inside job. The post, submitted about 10 hours ago is a bit thin on the specifics but it alleges that their initial suspicion about the involvement of someone who was previously part of the team has been confirmed. The said person is said to have helped an outside hacker to gain unauthorized access to Shapeshift’s server infrastructure.
Shapeshift is working with Ledger Labs to investigate the security issue. At the same time, the company is in the middle of a civil suit related to the hack. It will be providing more details about the incident once the post-mortem analysis is completed.
The new server infrastructure being developed for deployment has better security features from the previous one. Developers are including security fixes to make the system invulnerable to attacks similar to that of the ones faced by Shapeshift recently.
Since the platform went offline, many Shapeshifts customers whose orders were still under process are being refunded. It is an ongoing process and it is expected to be completed in the coming days.
Those interested in keeping themselves updated about the latest happenings with Shapeshift can follow the company’s updates on twitter or the public Slack room.
As the issue resolves, we await more information from the company with specifics about the security breach and people involved in it.
Ref: Shapeshift on Reddit