ShapeShift Sues Former Senior Engineer; Stole 90 Bitcoins ($900k) Via Code Put on Servers
ShapeShift crypto exchange is suing a former senior engineer, Azamat Mukhiddinov, who siphoned roughly 90 BTC from the firm’s funds to an external wallet. The Switzerland domiciled crypto business filed this matter in a Colorado court, seeking restitution for damages incurred in pursuant of Azamat.
Notably, Azamat had already reimbursed the siphoned funds in one way or another, but ShapeShift now estimates tracking him could have cost the firm tens of thousands. The filing reads,
“In total, ShapeShift’s costs and expenses relating to the investigation of Azamat’s theft and the repair of its effects totaled tens of thousands of dollars, if not more.”
Other than the tracking costs, ShapeShift also highlighted that the event caused a lag in launching its new mobile application, which should have been out sooner than July. The filing further notes that ShapeShift employees had to spend long hours rewriting code to make the software secure, a process which ultimately involved a thorough review of the ShapeShift infrastructure.
The Inside Job at ShapeShift
Azamat joined ShapeShift as a senior engineer back in 2018; this was around the same time that the exchange enhanced its KYC requirements. With direct access to most of ShapeShift’s backend design, the former senior engineer saw an opportunity to breach the network for personal gains despite the binding contractual agreements.
This siphoning process began back in November 2019 and was executed up to May this year when ShapeShift eventually figured out that some coins were missing. According to the investigation findings, Azamat had created his own software and integrated it within the ShapeShift ecosystem. The embedded code allowed Azamat to siphon around 0.5 BTC progressively, taking advantage of his experience with ShapeShift’s backend security.
Upon being confronted on May 25, Azamat admitted to having compromised ShapeShift for personal gains. He, however, agreed to reimburse the total $900,000 worth of BTC in both crypto and fiat since a portion of the stolen digital assets had been spent. The filing notes that Azamat returned 60 BTC and a duffle bag with $31,900 while paying the rest in small portions. ShapeShift highlighted,
“Eventually, Azamat returned, in one form or another, all of the $900,000 in bitcoin he had stolen.”
It is quite noteworthy that Azamat’s breach at ShapeShift is not the first inside job the company is experiencing. Back in 2016, a similar incident resulted in the loss of hundreds of thousands of dollars. Nonetheless, McGregor is confident that the steps were taken after the 2016 incident came in handy with the latest inside job attempt.