Crypto Exchange Burglaries: 4 Cases in H2 2019

In our previous article we began reviewing the crypto exchanges that were hacked or digitally robbed in 2019. Specifically, we considered Cryptopia from New Zealand, DragonEx from Singapore, Bithumb from South Korea, and Binance from Malta. Since Binance has long ceased to be regarded as a Hong Kong platform, it turns out that two of those four exchanges are Asian. In the second half of 2019, the only victims were crypto exchanges based in Asian states.

Bitrue (Singapore)

Incident date: 27 June.
Reason: breach in the risk control system through which the hackers accessed the accounts of 90 users and then the exchange’s hot wallet.
Stolen: 2.5 million ADA and 9.3 million XRP.
Total damage: $4.2 million.
Loot transferred to: Bittrex, BW.com, ChangeNOW, CoinSwitch, EXMO, Huobi Global.

Bitrue’s countermeasures:

  1. Attack identification and neutralisation.
  2. Shutdown for maintenance.
  3. Suspension of deposits and withdrawals for three days.
  4. Emergency inspection and in-house investigation.
  5. Turning to local police.
  6. Restoring operation the next day.

Consequences:

  • Thanks to its insurance fund, the exchange refunded the affected users within two days.
  • Security was improved and the verification policy reviewed.
  • Some of the coins were retrieved with the help of other exchanges that blocked the transactions from the hackers.
  • As a result, the company’s loss came to $3.2 million.

BitPoint (Japan)

Incident date: 12 July.
Reason: unauthorised access to private keys in hot wallets.
Stolen: 1.2 thousand BTC, 11.2 thousand ETH, 5.1 thousand LTC, 2 thousand BCH, and 28.1 million XRP.
Total damage: $32 million.
Loot transferred to: Binance, Huobi Global.

BitPoint’s countermeasures:

  1. Temporary shutdown of trading, deposits, and withdrawals.
  2. Investigation.
  3. Turning to local police.
  4. Promise to compensate 50,000 users for their losses ($23 million, in cryptocurrencies only).

Consequences:

  • Ripple Foundation helped rectify security breaches.
  • Some of the coins were retrieved with the help of other exchanges and JVCEA.
  • As a result, BitPoint Japan’s loss came to $28 million.
  • Shares of BitPoint’s parent company, RemixPoint Inc., lost 19% in value after the first news of the breach broke.

VinDAX (Vietnam)

Incident date: 5 November.
Reason: unauthorised withdrawal of crypto from the hot wallets.
Stolen: 23 types of cryptocurrencies.
Total damage: $0.5 million.
Loot transferred to: unknown.

VinDAX’s countermeasures:

  1. Sorting out technical issues.
  2. Asking listed projects to lend tokens so that they could be returned to the users.
  3. Promise to restore and compensate losses.

Consequences:

  • The reserve and investors helped the exchange retrieve the stolen tokens a day later.
  • Fully restored by late November.

UPbit (South Korea)

Incident date: 27 November.
Reason: unauthorised withdrawal of coins from the hot wallet.
Stolen: 342 thousand ETH.
Total damage: $49.1 million.
Loot transferred to: Binance, Huobi Global.

UPbit’s countermeasures:

  1. Temporary shutdown for server maintenance.
  2. One-week trading shutdown; two-week shutdown of deposits and withdrawals.
  3. Redeploying assets to the cold wallets.
  4. Asking other platforms to blacklist the burglar.
  5. Cooperating with local police and the Korea Internet & Security Agency.
  6. Promise to compensate the affected users for their losses.

Consequences:

  • On 3 December, the burglar transferred 55,000 ETH to unknown addresses in the following pattern: 1001 ETH first, then 10,000 ETH, and then repeated this five times.
  • KYC policy was modified and complemented with additional procedures for verifying foreign clients.
  • The new policy resulted in withdrawal restrictions for foreign users.

Crypto exchange burglaries in H2 2019

What also happened to crypto exchanges in 2019

On 9 January 2019, half a year before the summer hack, Bitrue suffered a 51% attack. The fraudster tried to illicitly withdraw 13 thousand ETC (~$65,000), but the security system prevented the wrongdoing.

On 26 January, the Finnish P2P platform LocalBitcoins registered a phishing attack. In this case the security issue affected not the platform itself but its forum engine: the hacker edited the official thread and embedded a phishing link. Users who clicked through from the forum thread to the fake website saw a copy of the platform and entered their credentials in good faith. Having acquired the user data, the hacker logged in to six accounts and withdrew a total of 8 BTC (~$27,000) from them.

On 25–27 March, suspicious activity was noted on CoinBene (Singapore). During maintenance, ether and 108 types of tokens worth a total of $105 million were withdrawn. Users panicked, and experts surmised that the exchange had been hacked. However, CoinBene representatives asserted that everything was fine and nothing had been stolen. Well, no victim, no crime.

What users should do in case of attack

When 6 out of 8 affected exchanges are Asian, one might think it’s pretty hazardous to trade on Asia-based platforms. The first thing that may cross one’s mind is that either exchange staff can’t ensure decent security, or some brilliant-minded hackers are now working in Asia. Or a third option: maybe all of this is perpetrated by North Korea’s secret agencies?

No matter what’s behind it, crypto traders engaged in short-term trading or arbitrage on Asian exchanges must be ready for temporary inconveniences and missed profit during hacks. The problems may have no impact on mid-term traders and long-term investors, as the exchanges usually restore operation quickly and compensate losses. Just wait for the board’s official response and keep an eye on the situation on social and other media.

Those who have not used the victim exchange must stay alert as well. If you learn that cryptocurrency was stolen somewhere, find out which coins/tokens are involved and don’t buy them from untrustworthy sellers. The offenders will try to distribute their loot through P2P marketplaces or over-the-counter markets. Anyone who buys stolen coins by accident and then tries to sell them on a centralized exchange may face an account freeze and confiscation of the illegally sourced funds. Remember that major exchanges combat money laundering and verify the cryptocurrency coming from users.