Hacking of an electronic currency exchange service

Client
One of the biggest eCurrency exchange services with 12 offices worldwide.

Challenge
The owners of an eCurrency exchange service contacted the HackControl team regarding the hack of their exchange’s API and the theft of electronic cash.

Solution
The cyber investigation of this incident uncovered exploitation of the Heartbleed vulnerability along with a number of other vulnerabilities, including weak passwords, that had helped the attacker gain root access to the server. This gave the attacker access via the API to the Perfect Money payment system, which made it possible to transfer funds to a fake wallet and then exchange them for bitcoins.

Hackcontrol performed a security audit of the server, removed third-party code and shells, updated the software, connected the Cloudflare CDN, and configured a firewall and Nginx server security headers.

Additional services we delivered:

  • added extra verification for suspicious payments;
  • configured security certificates for access to the website;
  • configured access control lists;
  • configured access to the server with a key instead of passwords;
  • our team of security engineers tested the logical part of the system, updated access to accounts, recovered passwords, and helped with the administration of some of the resources.

 


Vitaly is a principal consultant at Hackcontrol as well as a business and IT thought leader. He has over 15 years of experience in consulting and account management and is a specialist in cybersecurity.