Cryptocurrency firm KeepKey offers 30 Bitcoin reward for arrest of ransom-hungry hacker
The hacker demanded 30 Bitcoin in ransom, but the firm's CEO went public.
KeepKey, a firm that produces a hardware wallet used to store cryptographic keys for virtual currency, is offering a 30 Bitcoin (£22,379, $27,540) bounty for tips leading to the arrest of a hacker who tried to hold the company's founder to ransom after breaking into his personal accounts.
Darin Stanchfield, chief executive of KeepKey, explained in a blog post how his company email and smartphone were both "temporarily compromised" by a hacker, who then proceeded to reset all accounts linked to the email. The incident took place on Christmas Day 2016.
Stanchfield, after being alerted to the issue, was able to set up a secondary secure email server and begin reversing the account resets.
At the same time, the hacker, who remains unknown at the time of writing, contacted KeepKey and demanded 30 Bitcoin in ransom.
The cybercriminal, while speaking with a company engineer via phonecall, said if payment was received the firm would be told how Stanchfield's email and phone was hacked, what information was accessed, destroy the stolen data, return all accounts and keep the breach secret.
Instead, Stanchfield opted to go public, post about the breach on Reddit and inform his cryptocurrency community of the troubles. At the same time, he filed reports to the FBI Cyber Division and reported the attacker's IP addresses, phone number and browser data − even if these were likely masked.
KeepKey maintains that its computers, servers, network and customer support portal were never compromised by the hacker. The CEO's blog post added that no customer funds stored on the firm's products were ever at risk. However, it did admit the hacker had indeed accessed some data.
This included "temporarily access" to sales distribution channels, a shipping and logistics vendor and an email marketing software account. "This means he momentarily had access to a portion of our customer data," Stanchfield wrote, adding that all impacted users had already been informed.
The firm stressed that its devices − which secures virtual currencies like Bitcoin, Ethereum and Litecoin by storing private "keys" − hold no personal identifiable information. Furthermore, funds on KeepKey can only be spent if the hacker had physical access to the device, it added.
"Although there was absolutely no way we would ever negotiate with or pay off a criminal to keep this breach secret, we do want to see his capture," Stanchfield said.
"We are offering 30 Bitcoin [BTC], the amount he requested, as a bounty. Any tips that leads to an arrest qualifies for this reward. Information can be provided anonymously: just include a Bitcoin address for payment of the reward."
© Copyright IBTimes 2024. All rights reserved.