Hacking of an electronic currency exchange service

Client
One of the biggest eCurrency exchange services with 12 offices worldwide.

Challenge
The owners of an eCurrency exchange service contacted the HackControl team regarding the hack of their exchange’s API and the theft of electronic cash.

Solution
Cyber Investigation of this incident discovered the exploitation of a HeartBleed vulnerability and a number of other vulnerabilities, including weak passwords, that had helped the attacker get root access to the server. This gave access via API to the perfect money payment system and allowed to transfer funds to a fake wallet and then exchange them for bitcoins.

Hackcontrol implemented a security audit of the server, removed third-party code and shells, updated software, connected Cloudflare CDN, and configured a firewall and special Nginx server security headers.

Additional services we delivered:

  • ● added extra verification for suspicious payments;
  • ● configured security certificates to enter on the website;
  • ● configured access control lists;
  • ● configured access to the server with a key instead of passwords;
  • ● our team of security engineers tested the logical part of the system, updated access to accounts, recovered passwords, and helped with the administration of some of the resources.

 

Contact us