Tuesday, May 17th, 2016 | 5 min read
A Russian hacker, a rogue employee, the “currency of the future,” and almost a quarter of a million dollars stolen from a thriving start-up – is this the plot of the next James Bond movie?
This story won’t be coming to a theater near you any time soon. Instead, it’s a lesson in crisis management and trusting in the empowered and connected customer.
In Looting of the Fox: The Story of Sabotage at ShapeShift, CEO Erik Voorhees writes a heartfelt mini-novella explaining how his company, ShapeShift, was hacked not once, not twice, but thrice, resulting in the theft of more than $200,000.
The story gave leaders in crisis management a glimpse of the expectations that future customers will have when a brand confronts a crisis, and a playbook for how to respond.
Now, even if you don’t have any understanding of bitcoin, the blockchain, or cryptocurrencies, you will be able to understand what happened to ShapeShift, one of the leading cryptocurrency exchanges (think of it as a way to exchange your US dollars for virtual money, as you would for Euros or any other currency).
It’s important to not get lost in the rat hole of the cryptocurrency security versus fiat debate, or the specifics of the technology.
What’s important to recognize in this incident is HOW Erik responded.
Pretty damn near radical transparency. With the possible exception of sharing the passwords to his servers, Erik nearly reveals all available information. Erik doesn’t attempt to shield his company or his own self-respect by shirking on the details. Instead, he leads readers through the entire process that resulted in the company being stolen from three times. Not only does he reveal the steps taken to protect the company, but also what should have happened to prevent the last two hacks.
My personal favorite part is how he tells you how he put out the fishing line for the hacker – and how he reeled him in.
In the piece, Erik discusses how he screwed up as a CEO. He highlights the flaws in his hiring process, his technology, and his security – and takes full responsibility in the process. “We learned some of our own vulnerabilities and our own mistakes,” he admits, without attempting to place the blame elsewhere. In fact, he compliments his employees multiple times for their handling of such a difficult situation.
Erik published not on his own site, but on bitcoin.com. Doing so was a way to demonstrate accountability and ensure that a large audience would hear the story. Rather than letting others speculate on what occurred, or leaving the story in a reporter’s hands, Erik took the bold path and wrote his own narrative. By publishing on a site central to his industry, he allowed ShapeShift to be judged by the community, and also enabled many to learn from the company’s challenges.
One could easily read Erik’s post and conclude that he’s a CEO who doesn’t know what he’s doing.
But that would be a fallacious conclusion.
In reality, he’s a leader who is human and accountable. He’s a CEO who understands his customers and the importance of trust and transparency. Erik knew that his customers would understand that “no person or organization is perfect,” as he says, and that ShapeShift has learned from its mistakes.
We don’t know for sure whether bitcoin or ShapeShift will be here in 10 years, or even next year.
What we do know is that through his piece, Erik gives us a valuable preview of how companies of all sizes will have to behave in a world where bitcoin and companies like ShapeShift (and whatever comes after) will change customer expectations dramatically.
Erik couldn’t immediately recoup his company’s losses or even sweep the mistakes under the rug. What he did was the next best thing – put all the facts out to be reviewed by the community.
Judging from the comments, his trust and belief in the connected and empowered customer seems to have worked.