Board: Altcoin Discussion
Re: [BITCOMSEC] Tracking a Bitcoin Thief pt. II: Disclosure of MidasCoin collapse
by rugrats on 20/11/2014, 07:28:14 UTC
Great work, Mike.

I have a few questions, if you don't mind.

1: In your report, you stated the following:

Quote
We also learned that the compromise began sometime around early September, and was enabled through a common trend of universal passwords. Unfortunately we can not track down exactly whose password was compromised but it points to one of the owners of MidasCoin who probably shared sensitive login details via Skype or email.

From our point of view the attacker simply logged into the servers using user accounts he had access to. No exploits. No vulnerabilities or backdoors in third party software. He simply logged in. Another reason we assume access was gained through the misuse of universal passwords is because the attacker did indeed fail to log into the servers multiple times:

     1.1: Why did you assume the password/s was/were compromised via Skype/email? Was there evidence pointing to that fact? Couldn't the 'hack' be a smokescreen, and the owners were involved all along, especially in light of the subsequent dump at Bittrex?
     1.2: You used the phrase "one of the owners". Aside from Alessandro Soldati, was anyone else identified?

2: The owner of Coin Source, the organization which conducted the 'Proof of Developer', claimed to have been contacted by "authority agencies". Have you been in contact or contacted with/by said agencies and/or Coin Source? If no contact has been made, are you planning on approaching Coin Source to initiate contact with the "authority agencies" in question?

3: The owner of Coin Source identified the developer as 'Guiseppe'. Is that an alter ego of Soldati or someone else entirely?