Cyber Incident Victim: Cryptsy
Date: Jul 2014
Location: United States of America
Summary
The cryptocurrency exchange Cryptsy suffered a security breach involving Trojan malware infiltration, resulting in the theft of approximately $6 million in Bitcoin and Litecoin. The founder delayed public disclosure for over a year while attempting to conceal losses by redirecting new user deposits to cover stolen funds, leaving clients unable to withdraw assets and prompting a federal investigation. The platform remains indebted to users for substantial unpaid balances. A bounty was offered for recovery of the stolen cryptocurrency while potential resolutions, including acquisition or shutdown, were considered.
Description
The Cryptsy cryptocurrency exchange breach was first detected internally prior to January 2016, though the exact discovery date remains unspecified in public disclosures. Founder Paul Vernon, operating under the alias "Big Vern," confirmed in January 2016 that attackers had compromised the platform by inserting Trojan malware into its codebase, enabling unauthorized transfers of bitcoin (BTC) and litecoin (LTC). The malicious activity resulted in the theft of approximately 13,000 BTC and 300,000 LTC, valued collectively at $6 million USD at the time of disclosure. Cryptsy intentionally withheld notification of the breach from its users for over a year following initial detection, during which period the exchange attempted to conceal the shortfall by redirecting operational revenue into customer wallets depleted by the theft. This concealment strategy occurred while unaware clients continued depositing funds into compromised accounts, exacerbating financial liabilities.

The operational impacts materialized when users were denied access to their accounts and prevented from withdrawing funds, effectively rendering their assets inaccessible. A US federal court initiated investigations into Cryptsy's handling of client funds amid allegations of financial misconduct. Vernon publicly attributed the attack to the developer of Lucky7Coin and offered a 1000 BTC bounty for information leading to recovery of the stolen cryptocurrency, while simultaneously threatening legal retaliation if funds weren't returned voluntarily. Three potential resolutions were outlined: acquisition by another entity capable of covering liabilities, formal bankruptcy proceedings to distribute remaining assets through courts, or successful recovery of stolen funds through the bounty initiative. Community proposals included redistributing losses across all users or restricting withdrawals for specific cryptocurrencies until fee revenue could offset deficits. The exchange remained operational during these deliberations while actively seeking community leadership to maintain platform functionality, with outstanding debts to clients totaling approximately 10,000 BTC ($3.83 million USD) at the time of reporting. Federal investigative assistance was reportedly sought but not secured during the crisis period.
