Canadian Bitcoins, an Ottawa-based Bitcoin exchange, was defrauded of more than $US100,000 worth of the digital currency in a comically low-tech heist, reports the Ottawa Citizen.
The Bitcoin thief started a customer service chat session with Granite Networks, the company hosting Canadian Bitcoins’ server, and claimed to have a problem with it. The server was rebooted in safe mode, which bypassed the all-important security measures that would normally keep it safe. The rest was a cinch:
According to a text copy of the chat session obtained by the Citizen, at no point during the nearly two-hour-long conversation was the caller asked to verify his identity. After being asked, the technical support worker gained access to Grant’s locked server pen, plugged in a laptop and then manually gave the fraudster access to Canadian Bitcoins’ servers, where he cleaned out a wallet containing 149.94 bitcoins, valued at around $US100,000.
James Grant is the rightful owner, and he’s obviously displeased with how the situation was handled. “It’s completely ridiculous,” he told the Citizen. “All they did was go on the chat session and say, ‘Hi, I’m James Grant and I have a server with you’ and the data centre said, ‘Yes you do, what can we do for you?’”
The unfortunate irony here is that the Citizen describes Granite Networks’ server facility as being “built to some of the highest security standards in the industry.” Yet the story effectively boils down to this: a thief claiming to be the rightful owner of a server containing Bitcoins asked for access and was pretty much granted it.
After that he did what thieves do and took off with the loot.
Parent company Rogers Communications issued a statement about the incident:
The situation surrounding this customer is unique to this customer, and does not apply to any other customer of Rogers Data Centres. Rogers has been fully co-operative with authorities in the investigation.
Rogers Data Centres provides the highest level of security in the Canadian data centre industry. Its security protocol is operationally certified and in accordance with industry best practices. We have reviewed our security processes and continue to work with our customers to make sure they take advantage of all of our security features.