ShapeShift Hack Was an Inside Job, Says Erik Voorhees


ShapeShift Hack Was an Inside Job, Says Erik Voorhees

Instant multi-currency exchange ShapeShift was the victim of a security breach led by a previous team member, company CEO Erik Voorhees has revealed.

Also read: Andreas Antonopoulos: Bitcoin’s Name Sucks, I’d Rename it to ‘TrustNet’

Voorhees ‘Confident’ Ex-Team Member Involved

Posting an update on ShapeShift’s homepage, which has been offline since the breach was discovered on April 7, Voorhees wrote:

Since the investigation into the ShapeShift hack last week started, we had suspicion that someone previously on the team was involved, and that this person assisted an outside hacker. We are confident now that is is indeed the case.

Erik Voorhees

Voorhees reiterated that no customer funds were at risk, and those who had pending trades at the time of the shutdown are urged to contact ShapeShift in order to secure their funds.

In the update, he added that “evidence continues to be revealed”, and that his team was working with a forensic specialist from LedgerLabs to determine exactly what had happened.

ShapeShift has scrapped its previous server infrastructure and is now rebuilding its entire system from scratch – an extra-mile safety approach seen as necessary for a more trustworthy service. So far, details regarding the scale of the hack and what exactly was stolen remain unavailable. It is also uncertain exactly when ShapeShift will be back online and available for trading. contacted Voorhees for additional comment, but had not received a reply at publication time. He promised to release a more detailed post-mortem after the investigation is complete, adding:

Our team continues to revise and rebuild infrastructure, hardening not only prior vulnerabilities, but future potential attack vectors. It has been inspiring to see anti-fragility in action as ShapeShift gets stronger.

Shapeshift’s exchange, which offers near-instant exchange between numerous cryptocurrencies without the need for registration or customer accounts, has proved popular with users. It does not hold customer balances, meaning only funds from the company’s own hot wallets were at risk of loss.

Security at the Forefront

Prices of most cryptocurrencies other than bitcoin took a dive earlier this week, a move that some have attributed to ShapeShift’s troubles.

hacker-hacking-dark-hoodieInternal security controls are proving as much of a headache for bitcoin exchanges as external threats. A technically skilled, highly-mobile and mostly contract-based workforce – along with law enforcement that lacks the necessary abilities to investigate, and a grey legal environment – makes companies in the cryptocurrency industry particularly vulnerable to heists.

Most, however, have preferred not to speculate openly about the nature of hack attacks. The most notorious example of an alleged “inside job” was also the largest – Tokyo’s Mt Gox, which lost at least 650,000 bitcoins from its storage wallets.

Japanese authorities investigating the case have stated their belief that Mt Gox’s funds were stolen with the cooperation of a former employee, although CEO Mark Karpeles initially maintained the attack came from unknown external sources.

Do you think the hack will make ShapeShift’s security stronger? Let us know in the comments sections below! 


Tags in this story
Erik Voorhees, Hack, Inside job, Security, Shapeshift

Images courtesy of

Jon Southurst

Jon Southurst has been interested in bitcoin since reading Neal Stephenson's 'Cryptonomicon' in 2012. A long-time tech writer, he has been a regular contributor at CoinDesk and has written for, DeepDotWeb and ancient print publications. He lives on an artificial island in Tokyo.

Show comments