This story (on two different websites) was posted twice [0],[1] about a month ago.<p>[0] is by the same author as this post (Erik Voorhees CEO of Shapshift).<p>[1] is by "E. Gün Sirer"<p>It doesn't seem to have any new content.<p>0. <a href="https://news.ycombinator.com/item?id=11550765" rel="nofollow">https://news.ycombinator.com/item?id=11550765</a><p>1. <a href="https://news.ycombinator.com/item?id=11565823" rel="nofollow">https://news.ycombinator.com/item?id=11565823</a>
this is easily the most riveting and stomach churning "incident postmortem" that i've seen.<p>the story has a lot of layers to unpack. if you care about infosec, read it. if you're running an organization and have employees in positions of trust, read it.<p>then audit your permissions, make sure nobody in your org has excessive access, set up offsite logging, and hope this doesn't happen to you
I think the 2nd hack was Bob's exit plan. By selling the info to the hacker and compromising the employee computer, he is setting up the "who?" and the "how?" to point away from himself, and hoping it will also be used to explain the 1st theft. Except it didn't work very well!