
The Hack at ShapeShift - swalberg
http://moneyandstate.com/looting-of-the-fox/
======
neopallium
This story (on two different websites) was posted twice [0],[1] about a month
ago.

[0] is by the same author as this post (Erik Voorhees, CEO of ShapeShift).

[1] is by "E. Gün Sirer"

It doesn't seem to have any new content.

0. https://news.ycombinator.com/item?id=11550765

1. https://news.ycombinator.com/item?id=11565823

------
dcposch
this is easily the most riveting and stomach churning "incident postmortem"
that i've seen.

the story has a lot of layers to unpack. if you care about infosec, read it.
if you're running an organization and have employees in positions of trust,
read it.

then audit your permissions, make sure nobody in your org has excessive
access, set up offsite logging, and hope this doesn't happen to you

------
elevensies
I think the 2nd hack was Bob's exit plan. By selling the info to the hacker
and compromising the employee computer, he is setting up the "who?" and the
"how?" to point away from himself, and hoping it will also be used to explain
the 1st theft. Except it didn't work very well!

------
JoachimSchipper
Among the many charming details, do also note the author's choice of words in
"social serfdom number".

