Web-based electronic payment processor, EgoPay, has claimed that it was hacked on 28 December 2014, and again over the weekend of 17 / 18 January 2015.
In its blog post of 20 January 2015, EgoPay explained that
“In December 2014, we discovered a hack that was being perpetrated by someone related to our company and office. Today we now know that … the site was hijacked during this weekend (Jan 17-18). We have since regained control on everything, but in order to minimize any further losses we felt the need to completely bring the web-site down … there was a hack and that is why all the merchant related services were turned off … the employees that were [allegedly] involved or incompetent, have all been fired while investigations continue. Due to the above, tickets slowed down since there were no more employees to handle it, however this looks like it is getting rectified as a new team is being assembled …The services are coming back online already …”
From EgoPay’s subsequent statements, it appears that an employee of EgoPay entered false values into its merchants’ platform, although no real value was actually transmitted to them, or within the EgoPay system. These false values were then converted, apparently irreversibly, into fiat currency before the security breaches were discovered.
EgoPay has suspended all automatic transaction processing and Several bitcoin clients, including BTC-e and GOLDUX.com, have claimed that EgoPay has frozen thousands of dollars’ worth of their funds. Bitcoin news website, Coindesk, has reported that EgoPay’s former CEO, Tadas Kasputis, believes that EgoPay’s customers have lost up to $1.1 million in these attacks. EgoPay has also alleged that its own funds have been “embezzled“.
EgoPay has operated as a global electronic payment processor since at least 2009. It had been gradually building up a list of merchants that featured EgoPay as a payment processor. The future of these relationships is currently unknown.