Stolen ShapeShift Funds on the Move, Passing Through Coinjoin


Stolen ShapeShift Funds on the Move, Passing Through Coinjoin Mixers

Back in April, Erik Voorhees explained to the whole story of the ShapeShift hack with the “Looting of the Fox” and followed up with us in an interview about the situation. Now, the coins stolen by a hacker who collaborated with a rogue ShapeShift employee have left their original wallet, according to blockchain explorers.

Also read: Nation State ‘Increasingly Irrelevant’ for Blockchain Startups, Study Finds

ShapeShift’s Stolen Funds Are Moving and Being Mixed 

ShapeShiftAccording to’s explorer, the stolen ShapeShift coins are moving and have landed into two separate wallets. The first two transactions went into the wallets, and from there it looks as though a coinjoin method was used to conceal further movements. 

The ShapeShift hack came as a surprise for a lot of people in the cryptocurrency world. Voorhees said customer funds were never at risk during the ordeal, and that the rogue employee was identified. A civil lawsuit was held against the employee, but the hacker who helped seems to be still on the loose.

At the time, Voorhees also hired Michael Perklin, a professional forensic investigator from Ledger Labs to help discover clues about the situation. After the hack, ShapeShift went back online, and told security was tightening, stating:

“We planned to go up this past Wednesday (20th) and we soft-launched the site the night prior. It’s amazing to see volume return immediately upon going live, without any kind of announcement or notice. It’s humbling and inspiring to realize there are people and machines out there initiating exchanges constantly. We’ll be getting other coins back on the platform over the coming days, and the hardening of our infrastructure is a continuing process.”

Erik Voorhees ShapeShift
Erik Voorhees ShapeShift Founder

There are many exchanges that have fallen to the wayside because of hacks such as these, but ShapeShift has managed to deal with it quite well.

It is possible that the hacker may be identified while moving the coins if he or she used JoinMarket, a coinjoin service recently been deemed faulty.

According to the JoinMarket GitHub page:

“JoinMarket is a young project, there are some possible vulnerabilities which could be exploited to spy on every user. Recently people have noticed that one such attack seems to actually be happening. The attack has the possibility of degrading the privacy of all JoinMarket coinjoins. All JoinMarket users must be aware of this, and may want to not use JoinMarket until the issue is resolved.”

There’s no information on whether or not ShapeShift or Michael Perklin are following the moving coins with the forensic team. With the mixing service used, it will be harder to track the transactions, which become more obfuscated as they enter new wallets. But if the hacker used the JoinMarket platform, it’s possible the transactions could still be tracked.

ShapeShift itself has been operating smoothly since the incident, implementing new altcoins into the service, and even collaborating with the new Bitcoin/Ethereum wallet Jaxx. The company has moved forward from this incident unscathed reputation-wise and customers are continuing to use the service.

What do you think about the stolen funds moving and being mixed? Let us know in the comments below.  

Tags in this story
Erik Voorhees, JoinMarket, Michael Perklin, ShapeShift hack

Images courtesy of ShapeShift websites, and Pixabay.

Jamie Redman

Jamie Redman is the News Lead at News and a financial tech journalist living in Florida. Redman has been an active member of the cryptocurrency community since 2011. He has a passion for Bitcoin, open-source code, and decentralized applications. Since September 2015, Redman has written more than 6,000 articles for News about the disruptive protocols emerging today.

Show comments