Earn up to 12% APY on Bitcoin, Ethereum, USD, EUR, GBP, Stablecoins & more.

Start Earning Interest
Your gateway to Bitcoin and beyond

ShapeShift employee allegedly stole $900,000 in Bitcoin from company accounts

ShapeShift employee allegedly stole $900,000 in Bitcoin from company accounts


Crypto firm ShapeShift filed a civil action against a former employee of its engineering team who allegedly stole over 90 Bitcoin from company accounts, court documents show.

Employee steals Bitcoin over six months

Azamat Mukhiddinov, a former senior software engineer hired by ShapeShift in August 2018, was accused by his ex-employer to have installed an illicit program that siphoned off Bitcoin from ShapeShiftโ€™s corporate accounts to an external, private wallet.

The act was committed between November 2019 and May 2020, documents said. Azamat made away with 90 Bitcoin during the time but was caught after ShapeShift used โ€œa tremendous amount of its internal and external resourcesโ€ to catch the culprit.

Azamat was finally confronted by ShapeShift on May 25 and reportedly admitted to the theft. But he confessed to having already spent some of the stolen Bitcoin and converting it to US dollars.

โ€œEventually, Azamat returned, in one form or another, all of the $900,000 in bitcoin he had stolen,โ€ said ShapeShift.ย 

While all is said and done, the company is now seeking restitution for the upfront costs it took for tracking Azamat down. ShapeShift said its employees had to rewrite code, secure ShapeShiftโ€™s software, and โ€œundertake thorough remediation of the Companyโ€™s computer networks, software, and infrastructure,โ€ justifying the amount sought.

The firm said:

โ€œIn total, ShapeShiftโ€™s costs and expenses relating to the investigation of Azamatโ€™s theft and the repair of its effects totaled tens of thousands of dollars, if not more.โ€

Security expert weighs in

Jonathan โ€œDukeโ€ Leto, the founder of privacy protocol Hush and a software security engineer, told CryptoSlate the very act of an employee stealing 0.5 Bitcoin daily for months was a red flag that should have been caught at the first instance.

In a note to CryptoSlate, he added the crime showed that ShapeShift had “very little backend monitoring because Azamat was stealing Bitcoin every day for months,” and that the firm was lucky to find the culprit before he “emptied all their funds and disappeared.โ€

Meanwhile, Erik Vorhees, the founder of ShapeShift weighed in with his statement to Letoโ€™s comments, confirming that all user funds on ShapeShift funds are stored in non-custodial wallets and such a security feature has been implemented by design.

At press time, the case is ongoing.

(Authorโ€™s note: Any additional comments from Erik Vorhees will be updated in the story.)

Get an edge on the cryptoasset market

Access more crypto insights and context in every article as a paid member of CryptoSlate Edge.

On-chain analysis
Price snapshots
More context
Join now for $19/month Explore all benefits
Posted In: , , Hacks

Like what you see? Subscribe for updates.