Browsing Category

Exchanges


Mintpal Hack Took Place Exactly 4 Years Ago

Those of you who have been around crypto for a while probably remember that exactly four years ago, we witnessed one of the most notorious hacks in the history of digital assets.

Back in 2014, there was an exchange called Mintpal, and to say that it had a rough year would be a major understatement. It came to life in February and, according to statements from its development team, it had two major goals in mind – ultra fast support and the best UX possible. Every month Mintpal added new assets, choosing the most popular among them. These tactics worked pretty well, since at one point it was one of the most well-known exchanges offering altcoins.

However, on July 13 someone attacked a Vericoin wallet and ran away with 8,000,000 Vericoin tokens. Back then that was worth $2 million, and the number of tokens stolen was roughly 30% of the circulating supply. What’s the moral of the story? If you keep your tokens in a hot wallet (like Mintpal did) you are an easy target.

The culprits tried to drain Bitcoin and Litecoin wallets as well but this time Mintpal was clever enough to store its Litecoin and Bitcoin supplies in cold wallets. If you are new to cryptocurrency and you are not familiar with the types of cryptocurrency wallets, refer to our Ultimate Guide to Cryptocurrency Wallets.

At around the same time, Alex Green’s Moolah (officially known as Moopay LTD.) acquired Mintpal. The idea was for Mintpal to act as the main altcoin exchange for Green’s then-operating platform. Unfortunately, Mintpal was just born unlucky. In late October, the exchange suffered another attack and, as a result, 3,700 Bitcoins vanished into thin air.

Surprisingly, the community later revealed that it was actually Alex Green, the CEO of Moolah, who staged the whole thing. At that time, the stolen Bitcoins were worth $1,500,000. Thankfully, three years later, in 2017, the authorities launched a criminal investigation, which is still ongoing.

What’s the moral of the story? You cannot trust an exchange but you can trust a cold wallet. In fact, this is more relevant than ever, since in 2018 cybercriminals have stolen $833 million worth of crypto. Get your Trezor, KeepKey, or Ledger now and show them the finger!

 


Fake EOS Tokens Flood A Fake Decentralized Exchange, $60k Stolen

If you think your tokens are safe in an exchange, you are wrong. If you think trading through an exchange is safe, you are wrong again. If an exchange claims it is decentralized, well it doesn’t mean it really is. So why am I bitching about this again? Well, partly because crypto security is an evergreen topic and partly because somebody somehow exploited exchange vulnerabilities once again.

Pssst, kid! Wanna buy some EOS?

It seems like EOS troubles have no end. The startup did raise $4 billion from institutional investors to challenge Ethereum, yet virtually every couple of days we see hackers chewing off bits of EOS and spitting them in investors’ faces.

The EOS protocol allows everyone to create a token and name it whatever they like. Yes, “EOS” is just the perfect name and it’s free, ya know. Thanks to this smart move from the real EOS engineers, the baddies “developed” an EOS-based token, named it “EOS” and flooded one particular “decentralized” exchange with copycats. One billion fake tokens to be exact. And do you know what’s worse? By the end of the perfectly staged attack, the culprits smuggled some $58,000 from ordinary traders.

Decentralize this!

Probably, this is the most hackless hack in the history of hacks and here’s why. The bad boys never really had to hack the exchange, because it doesn’t utilize smart contracts and it is not even decentralized. They purchased some altcoins with their fake EOS tokens and then exchanged them for the real EOS equivalent, which they siphoned through Bitfinex.

Newdex (the “hacked” marketplace) said in a statement:

“EOS account oo1122334455 issued 1,000,000,000 fake EOS tokens. After testing the feasibility of the attack, the account began to place large [buy orders]. A total of 11,800 fake EOS orders were issued to purchase BLACK, IQ [sic] and ADD.”

Thanks, Captain Obvious! Now, since there is no smart contract to verify the authenticity of the tokens it receives, anyone can send anything and fool the system. In other words, Newdex is not a decentralized exchange. It is just a single account that conducts the transactions, pretending to be an asset exchange. Ha-ha-ha, very smart. It turns out traders were just sending money to a personal EOS account, hoping it would settle their transactions accordingly.
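The missing authenticity check described above, as an added example (not Newdex's code and not from the original post): on EOS a token is identified by the contract account that issued it together with its symbol, and the system EOS token is issued by the `eosio.token` contract. The deposit account name `dexdeposit11`, the helper names and the sample actions are constructed for illustration.

```python
import re
from decimal import Decimal

# (issuing contract, symbol) -> decimal precision. A symbol alone is not unique
# on EOS, so the allow-list is keyed on the contract account as well.
TRUSTED_TOKENS = {("eosio.token", "EOS"): 4}
DEPOSIT_ACCOUNT = "dexdeposit11"  # hypothetical exchange deposit account

# EOSIO asset string, e.g. "5.0000 EOS" (the fractional part sets the precision).
ASSET_RE = re.compile(r"^(\d+)(?:\.(\d+))? ([A-Z]{1,7})$")


def parse_asset(quantity):
    """Split an asset string into (amount, precision, symbol)."""
    m = ASSET_RE.match(quantity)
    if m is None:
        raise ValueError(f"malformed asset: {quantity!r}")
    whole, frac, symbol = m.group(1), m.group(2) or "", m.group(3)
    amount = Decimal(f"{whole}.{frac}") if frac else Decimal(whole)
    return amount, len(frac), symbol


def naive_accepts(action):
    """Symbol-only check: accepts any token that merely calls itself EOS."""
    data = action.get("data") or {}
    quantity = str(data.get("quantity", ""))
    return data.get("to") == DEPOSIT_ACCOUNT and quantity.endswith(" EOS")


def check_deposit(action):
    """Return (sender, amount, symbol) for a creditable deposit, else raise."""
    if action.get("name") != "transfer":
        raise ValueError("not a transfer action")
    data = action.get("data") or {}
    sender = data.get("from")
    if not isinstance(sender, str) or data.get("to") != DEPOSIT_ACCOUNT:
        raise ValueError("not a deposit to the exchange account")
    amount, precision, symbol = parse_asset(str(data.get("quantity", "")))
    contract = action.get("account")  # the contract that executed the action
    expected = TRUSTED_TOKENS.get((contract, symbol))
    if expected is None:
        raise ValueError(f"untrusted token {symbol} issued by {contract}")
    if precision != expected or amount <= 0:
        raise ValueError("precision or amount does not match the listed token")
    return sender, amount, symbol


def credit_deposits(actions):
    """Credit valid deposits; return (balances, [(index, reason), ...])."""
    balances, rejected = {}, []
    for index, action in enumerate(actions):
        try:
            sender, amount, symbol = check_deposit(action)
        except ValueError as exc:
            rejected.append((index, str(exc)))
            continue
        key = (sender, symbol)
        balances[key] = balances.get(key, Decimal(0)) + amount
    return balances, rejected


# Constructed sample actions. The second one assumes the fake token contract
# runs on the issuing account named in the Newdex statement.
SAMPLE_ACTIONS = [
    {"account": "eosio.token", "name": "transfer",
     "data": {"from": "alice", "to": DEPOSIT_ACCOUNT,
              "quantity": "5.0000 EOS", "memo": ""}},
    {"account": "oo1122334455", "name": "transfer",
     "data": {"from": "oo1122334455", "to": DEPOSIT_ACCOUNT,
              "quantity": "1000000.0000 EOS", "memo": ""}},
    {"account": "eosio.token", "name": "transfer",
     "data": {"from": "bob", "to": DEPOSIT_ACCOUNT,
              "quantity": "5.00 EOS", "memo": ""}},
]

if __name__ == "__main__":
    balances, rejected = credit_deposits(SAMPLE_ACTIONS)
    print(balances)
    for index, reason in rejected:
        print(index, reason)
```
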

In fact, the crypto community smelled that something was wrong days before the attack:

“Unlike a real DEX, they do not have a smart contract that holds funds / handles order matching on-chain. Instead, they match all orders off-chain in a centralized server. […] What’s worse, they deceptively present Scatter as the login and trading interface, so you feel like you’re using a DEX. In reality, you aren’t sending funds to any smart contract, it’s just a regular EOS account they own ‘newdexpocket’, that doesn’t even have a smart contract running on it. […]This means there’s no smart contract or ABI on that account. Essentially all you are doing when you submit an order from their interface is sending your funds to their personal EOS account and hoping they return you the tokens you’re buying/selling.”

Well, I have nothing more to add, this whole fiasco has really blown me away. And remember, stay off of Newdex.


Bittrex Delists Bitcoin Gold

Hey, are there any Bitcoin Gold hodlers out there? We’ve got some news for you – Bittrex is delisting Bitcoin Gold from its platform. The reason for this unexpected turn of events is that the popular Bitcoin hard fork has been subject to a variety of hacker attacks in recent times.

In fact, the internet bad boys managed to snatch some $20 million worth of BTG. If you remember, the online pirates hijacked enough computing power to seize 51% of the total hash power in May. Back then, Bittrex was one of the exchanges that suffered from the attack. During the fiasco, the culprits stole over 388,000 BTG, which at that time was worth roughly $18 million. They ultimately abused exchanges, tricking them into transferring more coins than necessary thanks to a method called “double-spending”.

Though it never became clear how much Bittrex had lost during the attack, according to the Bitcoin Gold development team, the exchange asked for a 12,000 BTG ($255,000) compensation. The team later posted an official statement, an excerpt from which reads:

Bittrex informed us that they made this decision because the BTG team would not “take responsibility for our chain,” and that taking responsibility meant paying Bittrex 12,372 BTG to cover the loss they incurred. They later informed us they would cover part of the loss from their own BTG reserves and requested we pay the remaining ~6,000 BTG ($127,000), and that if we did not, we would be delisted.

Unfortunately, the case only goes to show that blockchain technologies are not as safe as we think they are. The BTG team refuses to take the blame and instead claims that it is the Proof-of-Work algorithm powering Bitcoin Gold that failed.

The Bitcoin Gold team is not responsible for security policy within private entities like Bitrex [sic]; those who earn revenue running a private business must manage the related risks and are ultimately responsible for their own security.

This is not the first time Bitcoin Gold has taken a blow from a hacker attack. Last year, someone developed a fake BTG wallet, thus successfully stealing $3.3 million worth of BTG. Whether Bittrex’s action will affect the price of Bitcoin Gold or not, we cannot tell. But according to CoinMarketCap, its value remains stable despite the bad news.

Of course, none of this would have happened if both exchanges and traders relied more on cold wallets.

 


Why Do We Need Both Centralized and Decentralized Exchanges?

When Satoshi Nakamoto came up with the concept of Bitcoin, he put heavy emphasis on decentralization. Neither Bitcoin nor any other cryptocurrency would have been that popular if they did not promise something the 21st-century kids want – independence. Satoshi painted a world where money is distributed peer-to-peer without the need for mediators. This idea touched our romantic hearts for a couple of reasons. It came to life at a moment when the 2008 economic crisis was at its peak. At this point, a great number of people had already lost their hard-earned money. As you remember, the banks did not offer much safety back then.

Then all of a sudden we had this concept that there might be a currency that can be distributed over tremendous distances without the need for a bank. Needless to say, the idea that this currency is completely independent of the traditional financial system only made it even more viral. I dare to say that if it hadn’t been for this utopian world Bitcoin painted, cryptocurrencies would never have become what they are today.

Bitcoin has been around for almost ten years now but it only made it to the headlines last year. Why? Because its price tripled several times, almost topping $20k in December 2017. But I have a question for you: do you think it would have been that huge if the crypto enthusiasts had strictly stuck to decentralization? Sorry, but I am not buying that. Decentralization made people love crypto but centralization made them trade it. What I am trying to say is, decentralized and centralized exchanges both played crucial roles in the evolution of cryptocurrencies.

Decentralized exchanges

For the uninitiated, a decentralized exchange (DEX) is a place where traders trade directly with each other. Simply said, Joe sells bitcoins straight to Sara and no one controls or monitors the process, apart from the blockchain itself. There is no governing body and traders remain completely anonymous. We can assume that DEXs are in line with Satoshi’s vision of crypto finance.

Decentralized exchanges are important because they started it all, and they are still the first choice for experienced cryptocurrency traders for a couple of reasons. First of all, since all the information is spread among the participants, DEXs are practically incorruptible. There is no single place, or server if you like, that stores all the bitcoin, all the Ethereum and so on. This makes life harder for hackers because they cannot corrupt the whole system, meaning your funds are safe. Though decentralized exchanges offer great security, they are not completely protected. Hackers can still hijack traffic, direct reckless users to copycat websites and steal their public and private keys.

There is one big disadvantage of DEXs, however. They are usually hard to use due to the poor user interface. Plus, they require more knowledge and patience compared to their centralized counterparts. In contrast, newbies want to quickly buy some tokens through their smartphones, even better if payment options include VISA or PayPal. Unfortunately, decentralized exchanges do not always offer that, because if they did they would have to handle personal data, something the whole cryptocurrency concept is against. That being said, one can only trade on a DEX by depositing tokens from a wallet in another exchange, or from a hardware or desktop wallet.

Why do we need centralized exchanges?

First and foremost, they are plain easy to use, they are user-friendly and they are convenient AF. Centralized exchanges account for the greater part of the cryptocurrency trading volume, just because they offer unmatched user experience backed with simple apps available for both iOS and Android. What’s more, one just has to deposit some fiat via VISA or PayPal and they are ready to jump into the crypto ocean. Yes, it is that easy and people dig it.

Nevertheless, centralized exchanges have their drawbacks as well. They have to comply with know-your-customer policies and anti-money-laundering laws, meaning they are under the strict control of the regulators. That’s why crypto enthusiasts don’t dig them. They are the epitome of what cryptocurrency stood against in the first place. In addition, they are vulnerable to hacker attacks. That’s why it’s advisable to store your funds in cold wallets and never leave your tokens in a centralized exchange.

However, we need them because they are the main source of fresh money entering the market. Even little kids know that without fresh money the market will stop growing and will eventually die. Furthermore, they offer liquidity and, last but not least, they are the advocates of worldwide bitcoin adoption.

Didn’t we all want to use cryptocurrencies as a payment method? We did and we still do, that’s why we need both types of exchanges. Ditch one of them and the market will crash in no time.


Korean Exchange Bithumb Lost Over $30 Million During A Hack

You know there is something wrong when a whole week passes by without trouble. Needless to say, the cryptocurrency community has never experienced such a thing. Just days after the Coinrail hack, hackers crushed their next victim.

On Tuesday an unknown group of hackers managed to breach the security of Bithumb. The Korean exchange was the sixth-largest cryptocurrency marketplace in terms of trading volumes. Unfortunately, it joins a long queue of exchanges that got hacked this year. The company reported the stunt on its official website.

According to the statement, over $30 million worth of digital currencies has been stolen. As a security measure, the exchange has blocked all deposits, transactions, and withdrawals. Another smart move by Bithumb was moving all remaining funds into cold wallets. After all, the exchange staff should have done that a long time ago.

Anyways, the exchange promises to refund all the victims from its own vaults in case the stolen funds cannot be traced and returned to the exchange.

Why Bithumb?

If you closely investigate trading data on CoinMarketCap you may notice that when the attack took place, Bithumb accounted for 10% of the world’s XRP trading volume. This makes us think that the prime target of the attackers was Ripple’s in-house token. However, this is yet to be confirmed.

On June 16 the Bithumb team carried out a security enhancement operation. The exchange explained back then:

“Recently, the number of unauthorized access attempts has increased. As such, an urgent server checkup was conducted to strengthen the security of all system.”

Furthermore, Bithumb started relocating user funds into hardware wallets. Having said that, we believe that the recent fiasco is just a successful attempt after a long series of failed ones. It looks like the exchange staff had started to figure out what was going on, but it was too late.

So far, we don’t know how exactly the hackers managed to sneak past the security layers, but it’s obvious that they had found vulnerabilities a long time ago.

Stay tuned for more and don’t forget to store your funds in hardware wallets.


Hackers Snatched $40 Million Worth Of Altcoins From Coinrail

Well, it happened again. We have another cryptocurrency exchange that just got hacked. The South Korea-based Coinrail fell victim to an unknown group of hackers who made off with roughly $40 million worth of altcoins.

What exactly happened?

In the 24 hours prior to the attack, Coinrail’s trading volume amounted to $2.48 million. According to CoinMarketCap, it was enough to take the exchange to the top 100 list. Just after the attack took place, the exchange was quick to notify its customers about the breach via Twitter.

As of writing, the official website is unavailable. Not surprising, bearing in mind that the hackers have snatched nearly 30% of its token supply. They have stolen altcoins, most of which are based on Ethereum. Coinrail claims it may refund 20% of the theft thanks to the support of other exchanges, which can halt transactions during the investigation, but it cannot guarantee anything for the remaining 10%. The thieves ran away with $20 million worth of NPXS, which is 3% of its market cap. Other coins that took heavy blows were Aston X, Dent, TRON, NPER, Kyber Network, Jibrel Network, Storm, and B2BX.

What’s next?

All Pundi X (NPXS) tokens were relocated to IDEX (a decentralized exchange), while all others ended up in EtherDelta. Luckily, IDEX has agreed to freeze all transactions involving NPXS tokens. Investigations have already begun and the Korean Internet & Security Agency is also taking part, according to the local outlet Korea Herald.

Unfortunately, Coinrail is not the first and it won’t be the last exchange that gets hacked. Earlier this year, the Japanese Coincheck lost a staggering $420 million, Coinsecure joins the list with $3.5 million, while BitGrail said goodbye to roughly $150 million if not more. According to certain sources, thieves have already stolen more than $1 billion worth of crypto this year.

Hacker attacks have been around since the arrival of the internet and nothing can prevent them. However, you can protect your coins just by storing them in a hardware wallet. And the better cold wallets out there are Trezor, KeepKey, and Ledger.

 


Taylor Got Hacked, Over A Million Worth Of Ether Is Lost

The more cryptocurrencies grow in popularity, the more their value increases. This, in turn, attracts even more people into the ever-growing world of crypto finance. However, a great part of the newcomers are non-tech individuals who don’t necessarily understand the market.

For traders like them, there are various applications that are supposed to make their lives easier, though relying on third-party solutions is a bad idea, especially when it comes to your funds. Yet, many prefer to “trade” via automated platforms, thus entrusting their finances to others. This requires trust, and in the case of Taylor that trust was unjustified. Here’s why – when developers decide to cash in on the crypto trend they create cryptocurrency platforms. Unfortunately, even if they come up with a useful solution they often underestimate security.

What I’m trying to say is, the more popular a crypto app, the more money it processes. Hackers know that, and once they are sure they can deliver a proper attack, they strike. And boy, this time they ran away with 2.578 Ether from Taylor. By today’s prices, this is close to $1.5 million. Additionally, all TAY wallets were drained, including team and bounty pools. Interestingly, the founder of Taylor and his advisors still have their funds, just as before the attack. There is a reason for that, however: they were locked in a contract.

Why, Why, Why?

In a post, the company hints that the probable perpetrator is the same group that conducted the CypheriumChain attack. The company also states that IDEX has delisted TAY tokens until there are more details available. Even worse, Taylor admits that they will be unable to refund the lost funds. So if you had some tokens there, the chances are you will never see them again in any form.

Unfortunately, there are still many inexperienced traders who rely on third parties to take care of their funds. These days even little kids know that leaving your tokens in an online exchange is a very bad idea. Especially when there are super secure crypto wallets like Ledger, Trezor, and KeepKey.


Indian Exchange Coinsecure Reports 438 Missing Bitcoins

The tremendous amount of money circulating in the cryptocurrency world is way too tempting for some people. Last week, one of the leading exchanges in India, Coinsecure, was unfortunate enough to prove me right. Despite its name, the online marketplace turned out to be anything but secure.

On April 12, the team informed its community that 438 Bitcoins were missing from the company wallets.

“We regret to inform you that our Bitcoin funds have been exposed and seem to have been siphoned out to an address that is outside our control.”

The coins in question seem to have disappeared on April 8 between 12:35 AM and 6:29 AM local time. At that time, 438 Bitcoins were worth approximately $3.5 million. On April 10 the Coinsecure team filed a written complaint with the Cyber Cell of the Delhi Police, informing the authorities about the events. What is bizarre is that the team suspects that the theft might, in fact, have been carried out by the company’s CSO Dr. Amitabh Saxena. The complaint reads:

“The user funds are securely kept in our bitcoin wallet, whose private keys are kept with Dr. Amitabh Saxena CSO and Mr. Mohit Kalra, CEO at Coinsecure.in. On 9th April 2018, we were informed by our CSO, Dr. Amitabh Saxena, that 438.318 bitcoins were stolen from the company’s bitcoin wallet due to some attack. As private keys are kept with Dr. Amitabh Saxena, we feel that he is making a false story to divert our attention and he might have a role to play in this entire incident.”

Now, this is intriguing and disappointing at the same time. In times when hacker attacks are the main reason for cryptocurrency thefts, this comes as a slap in the face. Luckily, the prosecutors are after Saxena, as Coinsecure has asked for the seizure of his passport. An update from April 14 states that Dr. Amitabh Saxena had stored the company’s private keys in a “clear text format” on his computer.

While Coinsecure clarified that all fiat funds are safe, the fiasco only goes to show that you cannot trust exchanges when it comes to storing digital currencies. This is just another shocking reminder that hot wallets are not safe.

 


Beginner’s Guide To Cryptocurrency Trade – Choosing An Exchange

Cryptocurrency trade can be captivating, thrilling and, well, sometimes risky. The good news is that you can control the risk factor to some extent. In case you are new to the world of digital currencies, you are probably wondering where to start. We know that it is a little bit confusing but hey, you don’t need to be an IT specialist to trade tokens. We’ve created this quick guide for those of you who are just starting out.

Choosing the right exchange

There are at least 190 online marketplaces buying and selling digital tokens. And we are not counting those on the dark web. Choosing the right one for you may be tricky but not impossible. But always remember that if something works for Joe, it won’t necessarily work for you. So pay attention to your needs, your location and of course your finances.

The most popular exchanges out there are already strictly monitored by authorities. To some extent, this makes them safer than others but at the same time, you have to verify your identity in order to purchase your first token. If you don’t feel like giving away your privacy, it is better to dig deeper into the long list of online crypto markets. The better part of the unregulated exchanges may not be as safe, but they list hundreds of lesser-known tokens. The cool thing is – unpopular tokens are more likely to skyrocket. Read – they may generate massive gains. However, always invest only sums you can comfortably afford to lose. The market is super volatile and 20% fluctuations on a daily basis are something the community deems normal.

Some marketplaces accept credit/debit cards, bank transfers, PayPal, cash or cryptocurrencies as payment methods. Others accept only digital currencies and if you want to trade there, here is what you do. You set up an account in a larger exchange, you buy tokens via traditional payment methods and then you transfer your tokens to the smaller exchange. Now you are ready to spend your Bitcoin or Ethereum coins on lesser-known cryptos.

Security is up to you

Pay attention to the address where the marketplace is registered. If you cannot find one, it’s better to stay away. Experienced traders prefer to use exchanges located in the same country they live in. This will help you in case the exchange gets hacked. You will be able to sue the owners for the damages done. Furthermore, check the policies of the exchange, its terms & conditions and so on. This will give you valuable information about your rights and obligations as a trader.

If you feel uncertain about a specific marketplace, just google it. Look for it on Reddit, Twitter or other social media and see what its users have to say. Try to find out what the exchange’s trading volumes are. Usually, higher trading volumes indicate that the community trusts this marketplace. Moreover, this shows higher price accuracy.

And last but not least, try to stay away from markets that keep customers’ funds online. This is super risky because if the market gets hacked your coins are gone. Renowned exchanges keep tokens offline. For instance, Coinbase states it stores as much as 98% of all tokens in cold wallets. Experts advise doing your trading quickly and then relocating your tokens to a hardware wallet. This should become second nature!


Forget About Those Tokens Stolen From Coincheck, They Are Long Gone

The hackers who ran away with approximately $550 million worth of NEM stolen from Coincheck are almost done laundering them. Despite the efforts of Japanese police officers, cybersecurity firms and the NEM foundation, the culprits managed to get super rich in just over two months. But we already knew that this was going to happen. After all, isn’t decentralization what we praise the most in cryptos?

How did it happen?

The trick is, we can record and monitor transactions but we do not know who is sitting behind them. This made it easier for the cybercriminals to transfer the embezzled tokens to multiple wallets several times until everyone lost track of them. As simple as that. Moreover, those behind the attack utilized numerous dark web channels, further obscuring their trail. This, of course, works in their favor and against the investigators.

According to the Asian media outlet Nikkei, the dark web marketplace where the stolen NEM tokens were sold is already drained. L Plus, a Tokyo cybersecurity firm, has confirmed this information. For the uninitiated, this specific marketplace was created with the sole purpose of laundering tokens. Smart move, I would say. The NEM foundation did its best to catch the thieves but ultimately failed despite tagging the stolen funds.

“The decentralized NEM protocol’s flexibility allows transactions to be traced in real-time, which aids exchanges to identify wallets attached to malicious activity. This helps make stolen XEM tokens effectively unusable because they cannot be deposited without being flagged by NEM,” the foundation said in February. But wait, it never helped. Perhaps because for some reason the tagging system was turned off a while ago.

This move from the NEM foundation raises one question, is it involved in the crime? I mean, this is a lot of money and insider trading is not something we haven’t seen. Even if so, it doesn’t matter anymore. Because the moral of the story is – never store your cryptocurrency in online exchanges. Try some hardware wallets instead.