Connect with us

Hi, what are you looking for?



Bitcoin Trader Cryptsy Robbed via IRC Backdoor

Cryptsy Robbed via IRC Backdoor

Cryptsy Robbed via IRC Backdoor

Cryptsy, a website used for trading Bitcoin, Litecoin, and other crypto-currencies, recently revealed that it had been robbed, accusing a $5.7 million theft and suspending trades and withdrawals.

According to Cryptsy, the theft took place on July 29, 2014, but they decided to go public with the incident only now, after unsuccessfully trying to involve the FBI. In an announcement, the Cryptsy team said that recent problems users have been experiencing are related to this incident and not to recent phishing or DDoS attacks.

The notice said the culprit was found to be the developer of Lucky7Coin (LK7), who placed an IRC backdoor into the code of wallet, and that the malicious code acted as a Trojan, or command and control unit. The Cryptsy team suggests that the Trojan was present in their system for months before the attack happened, most likely for about two months.

This specific period of time was mentioned because the team received an email on May 22, 2014 from a person claiming to have taken over the Lucky7Coin development, informing them that the IRC network has been changed so that clients could “synchronize blockchain,” and that they should update as soon as possible.

Since this person was not the original Lucky7Coin developer, the team suggests that they are responsible for the attack, and that the backdoor was introduced in this update. The GitHub repo for LK7 hasn’t been modified for the past two years, with the latest commit added on May 21, 2014.

Following the attack, Cryptsy discovered that the perpetrator stole around 13,000 Bitcoin and 300,000 Litecoin, amounting to roughly $5.7 million. After discovering the theft, the website decided to use its reserves of those cryptocurrencies and to pull from its profits to fill the wallets back up over time.

However, profits decreased due to low volume and low Bitcoin prices, and things started to crumble in October, after Coinfire published an article that, according to Cryptsy, “contained many false accusations.” Cryptsy’s Paul Vernon officially responded to the accusations, but they caused a bank-run, and the website’s problems started then.

Advertisement. Scroll to continue reading.

According to the website, the stolen Bitcoins haven’t moved since the incident, which would suggest that there might be a small chance that they can be recovered. In fact, Cryptsy, which notes that their current customer liability is around 10,000 BTC, is offering a bounty of 1,000 BTC for information which leads to the recovery of the stolen coins.

Furthermore, the website claims that the perpetrator won’t be investigated and their name won’t be revealed if they return the stolen coins. “We will assume that no harm was meant” should the culprit returns the coins no questions asked, Cryptsy says, adding that the entire community might start looking for the perpetrator otherwise.

The website explains that they did not alert the authorities, as they did not want to cause panic, and were not sure who to go to, although they had communication with Secret Service Agent Shaun Bridges. Last year, however, Bridges was charged for stealing Bitcoins during an investigation of the Silk Road underground market.

Cryptsy also notes that they alerted the Miami FBI, but were redirected to report the issue on the I3C website and that no reply was received so far. For the time being, the website is suspending trades and withdrawals indefinitely until a solution to the problem is found, one of the options being to file for bankruptcy, letting users file claims via the bankruptcy process, and letting the court make the disbursements.

However, they are also willing to agree to an acquisition, under the terms that the entity acquiring Cryptsy would be making good on requested withdrawals.

For the time being, the website has decided to clear out the order books place all funds back into user accounts.

The website also prompted a force password reset for all user accounts after being hit by a phishing attack attempt last week. Cryptsy users will have to change their passwords on their next login to the website.

Written By

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.


Luxury retailer Neiman Marcus Group informed some customers last week that their online accounts had been breached by hackers.


As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...


Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Artificial Intelligence

The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.

Artificial Intelligence

The degree of danger that may be introduced when adversaries start to use AI as an effective weapon of attack rather than a tool...