Shen didn’t confirm how much Augur he lost, but the hacker, who also took over Shen’s Twitter account, had allegedly bragged about stealing and dumping 110,000 Augur (around $300,000).
Poloniex, the cryptocurrency exchange through which the hacker’s transactions were processed, said on Twitter that they’ve investigated the matter.
“The trades in question were executed via an instant exchanger service, limiting what we can find,” Poloniex said.
Hacker took over Shen’s phone number from his mobile carrier
Peterson said the same hacker had attacked other members of the Augur cryptocurrency project in the past.
The developer also explained on Twitter how the attacker had breached Shen’s accounts.
“In every case their MO [modus operandi; mode of operation] seems to be the same,” Peterson wrote. “Social engineering of cell-phone carriers to get your phone number, then if you have a recovery phone number enabled in your email they use your phone to take over your email.”
“Once they have your email they can use password resets etc. to take over everything else,” Peterson added.
The developer is recommending that cryptocurrency users avoid adding a phone recovery number to email accounts used for cryptocurrency wallets. He also points users to a blog post with a few basic security tips.
The hijacking of phone numbers at the mobile carrier level is a very common problem, one the US Federal Trade Commission (FTC) took notice of earlier this year.
Both Augur and Ether prices have recovered since yesterday’s news of Shen’s hacking. The Chinese investor also holds large accounts in cryptocurrencies such as Bitcoin, Ripple, Bitshares, and Factom, but no suspicious transactions have been reported so far.