ShapeShift employee allegedly stole $900,000 in Bitcoin from company accounts

ShapeShift employee allegedly stole $900,000 in Bitcoin from company accounts

yousef-espanioly-Wd9JdX7a7ls-unsplash

Crypto firm ShapeShift filed a civil action against a former employee of its engineering team who allegedly stole over 90 Bitcoin from company accounts, court documents show.

Employee steals Bitcoin over six months

Azamat Mukhiddinov, a former senior software engineer hired by ShapeShift in August 2018, was accused by his ex-employer to have installed an illicit program that siphoned off Bitcoin from ShapeShift’s corporate accounts to an external, private wallet.

The act was committed between November 2019 and May 2020, documents said. Azamat made away with 90 Bitcoin during the time but was caught after ShapeShift used “a tremendous amount of its internal and external resources” to catch the culprit.

Azamat was finally confronted by ShapeShift on May 25 and reportedly admitted to the theft. But he confessed to having already spent some of the stolen Bitcoin and converting it to US dollars.

“Eventually, Azamat returned, in one form or another, all of the $900,000 in bitcoin he had stolen,” said ShapeShift. 

While all is said and done, the company is now seeking restitution for the upfront costs it took for tracking Azamat down. ShapeShift said its employees had to rewrite code, secure ShapeShift’s software, and “undertake thorough remediation of the Company’s computer networks, software, and infrastructure,” justifying the amount sought.

The firm said:

“In total, ShapeShift’s costs and expenses relating to the investigation of Azamat’s theft and the repair of its effects totaled tens of thousands of dollars, if not more.”

Security expert weighs in

Jonathan “Duke” Leto, the founder of privacy protocol Hush and a software security engineer, told CryptoSlate the very act of an employee stealing 0.5 Bitcoin daily for months was a red flag that should have been caught at the first instance.

In a note to CryptoSlate, he added the crime showed that ShapeShift had “very little backend monitoring because Azamat was stealing Bitcoin every day for months,” and that the firm was lucky to find the culprit before he “emptied all their funds and disappeared.”

Meanwhile, Erik Vorhees, the founder of ShapeShift weighed in with his statement to Leto’s comments, confirming that all user funds on ShapeShift funds are stored in non-custodial wallets and such a security feature has been implemented by design.

At press time, the case is ongoing.

(Author’s note: Any additional comments from Erik Vorhees will be updated in the story.)

Posted In: , , Hacks

Like what you see? Subscribe for daily updates.