Cyber Incident Victim: AllCrypt
Date:
Mar 2015
Location:
United States of America
Summary
A cryptocurrency exchange experienced a security breach resulting in the theft of 42 BTC, causing significant operational disruption as its website became inaccessible with only a status message displayed. The attackers exploited a vulnerability in WordPress to compromise the platform, which had previously claimed its small size made it an unlikely target for such attacks. The incident raised uncertainty about the exchange's future viability, despite its earlier role in supporting niche altcoins and offering privacy-focused features like email-free signups.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On March 17, 2015, the alternative cryptocurrency exchange AllCrypt suffered a security breach resulting in the theft of 42 Bitcoin (BTC). The attackers exploited a vulnerability in the exchange's WordPress platform to compromise its systems and access funds. Following the breach, AllCrypt's website became inaccessible, displaying only a notification acknowledging the incident without disclosing detailed technical specifics. The exchange's operators characterized the stolen amount as significant for a small-scale platform despite its relatively modest market value. This incident occurred approximately one month after AllCrypt publicly dismissed its susceptibility to attacks via a February 16, 2015 Twitter post asserting its operational safety due to perceived insignificance as a target.
The breach disrupted AllCrypt's operations indefinitely, casting uncertainty on the exchange's future viability. Users reported prior functionality for trading niche cryptocurrencies including JackpotCoin and CannabisCoin, with some noting the platform's privacy-focused feature allowing account creation without email verification. In response to the incident, AllCrypt published an explanatory blog post titled "What Happened and What's Going On," though its contents remain unspecified in available sources. The attack's impact extended beyond financial losses to undermine user confidence, particularly given the platform's earlier security assurances. No public information indicates whether user compensation occurred or whether law enforcement investigations ensued following the theft.