ALTILLY

DESCRIPTION OF EVENTS

"Altilly was an unregulated crypto exchange, launched in mid-2018." "Altilly is a cryptoasset exchange located in Sweden." "The platform of the next generation uses advanced technologies and programming techniques not to overload the system and makes the operations faster and more secure. The exchange employs numerous layers of firewalls and internal networking for enhanced security." "Altilly is a Hodler Enterprises owned, secure, reliable and advanced digital asset trading platform, developed by professionals and built on cutting-edge technology."

"Were are here for the long run!"

"Altilly was initially a side project, an idea that grew into fruition. It is now a fully functioning enterprise grade system. If you see a problem, then let us know immediately. We've built the core parts of altilly from the ground up, using newer methods to make the system fast and secure."

"Currently, altilly maintains physical presence only in the form of computer server equipment and data storage. We take great lengths to ensure a complete security lockdown of our systems using multiple layers of firewalls and internal networking. Our safe storage is completely off network and stored in a secured facility. Each time we move cryptocurrency funds to safe storage, we use a new address/private key. When and if we need to move funds from safe storage to the live wallets, we will only retrieve the key with a balance that matches the demand. All of our safe storage and withdrawal wallet public keys (addresses) are signed and available on our system status page for you to monitor and verify. For deposit and withdrawal wallets, each daemon is run by an uniquely assigned non-rootable user. This gives each wallet it's own operating environment that can not disturb or read information from other wallets. We use long random strings for wallet usernames and passwords that are unique to each wallet and this information is stored as encrypted data. Our system will automatically lockdown any wallet which reverses it's chain and we scan posted transactions for reversal as well."

"Altilly believes that users of cryptocurrency should be able to trade easily and quickly with other users. Currently there are no pre-set limits on how much you can exchange, deposit, or withdrawal; however very large withdrawals may require additional time if those funds are stored in the safe or require manual approval. At this time there is no need to get verified unless we request it from you."

"Altilly does not transact in any government issued currency (fiat currency). We do not offer any services to buy or sell with a credit card or your bank account. All exchange transactions in our system is strictly between digital currencies. We do not own or maintain any bank accounts and all employees are paid in cryptocurrency."

"Altilly believes that collection of personal information should be kept to a minimum. To open an account, you only need to provide your name and an email address. We do request that you use your real name, which will make it easier for us to restore your account in the event you lose access to your login. We do not share any information we collect with any outside parties or government agencies. Any requests made from any agencies will be posted publicly."

"Altilly will strive to be as transparent as possible with regards to your cryptocurrency deposits held on account. You can view our system status page for a detailed overview of where and how we store cryptocurrency."

"We use industry standard methods for preventing SQL Injection & XSS attacks on our website. In addition, all passwords & sensitive data are encrypted along with a static & random salt. Encryption keys and salts are NOT stored in the database nor in the codebase. If we ever detect a possible intrusion, we will immediately lock down the entire system and re-encrypt all sensitive information with new keys." "We have automated systems in place to check for inconsistencies in transactions and our wallets. The system will automatically shutdown a wallet if something appears incorrect, and immediately inform a technician. The system status page will always have the most up to date information on any service outages or suspensions for an asset."

"The cryptocurrency venue has gained 65K users, almost 200 listed assets, and 550 trading pairs within just 2 years of its existence and still continues to grow. The main principles emphasized by the developers are transparency, security, and reliability." "It was announced in 2019 that Altilly was acquired by the Qredit team." "[T]he platform hope[d] to complete licensing and official incorporation in Estonia. When the process [wa]s over, the venue w[ould] enable fiat trading pairs, fiat deposits, and withdrawals."

"The servers the Altilly Exchange platform utilised were provided by an independent hosting provider." "The Exchange had two accounts at the original hosting provider. One of them was created three years ago during the setup at the hosting provider. This email was no longer used, as we had another email account using our altilly domain address. The active email had 2FA, the non-active email did not."

"During the account creation at our hosting provider in 2018, we created an account using an email, username and password. A second email was added to the same account. Both emails gave access to the same user account. The hosting provider changed their portal which essentially separated the emails into separate users for the same portal. This action created a second user that was not secured by 2FA authentication."

"While being in the phase of incorporation and acquiring the needed licenses to operate an exchange, Altilly got hacked in December 2020. Only a few months away from official company registration in Estonia."

"The Altilly Exchange platform was attacked by legally authorized access. According to the official weighing, the attacker gained access to 30 BTC and 12,000 USDT and stole them while controlling the server." "The Altilly Exchange platform has been attacked via unauthorised access and user funds have been stolen."

"Earlier this week. We've noticed suspicious activities on our Altilly servers. After rebooting and checking the servers, we've noticed the same activity and a new system user being created on our servers. Meaning that the system was hacked above OS level most likely using recue mode during the reboot."

"Earlier this week on the 23rd December 2020, we were alerted to suspicious activities/monitoring alerts on our servers. Three servers suspiciously rebooted around the same time. After checking the servers, we noticed some unusual activity and a new system user was created."

"With the servers being constantly rebooted and being unsure about what exactly happened at that time, we took the preventative action of beginning to move our servers to a new host."

"Late on the 25th or early morning on the 26th December 2020, we were being alerted to another system reboot at our original hosting provider. It was now clear that someone had access to our servers. It appears that these systems were accessed at an Admin portal level using rescue mode during the server reboot. We then took an additional step by adding code to prevent anyone from accessing the servers externally and changed the rescue system."

"During the process, we've lost access to our servers at our previous hosting provider, including the database, wallets and codebase of Altilly. We are investigating what is going on and what has been saved so far. We are not sure yet if funds are lost. We are still waiting for final analysis from the current hosting provider. We will keep you posted."

"While we were still investigating the root cause, we lost access to all of our servers, this includes production web servers, the databases and exchange cryptocurrency wallets, and it appears that a request came in via the hosting client portal to delete all servers on the linked to the attacked account."

"The attacker(s) was/were able to gain full access to the Administrator console/panel and as well as taking control of our servers, was also able to steal high-value assets from the exchange cryptocurrency hot wallets." "At this point, we are still unaware of how the attacker(s) obtained the password to access the administrator account of our servers or knew which provider we were using."

"Since the hack, a lot of funds were lost, unsaved or stolen. Only a handful of assets were saved from the hack. While Altilly was an unregulated exchange, without any official ownership by either of the 2 parties and while the ToS and Disclaimer mentions that no claims can be made in case of a hack, the team behind Qredit takes full responsibility to make sure that all former users will be recovered from their losses."

"On a number of occasions, we attempted to upload backups to our servers. Unfortunately, the attacker(s) had also gained access to our offsite storage account. This was compromised using API keys from the backup software on the affected servers. The attacker removed all backup files from that location." "Due to the attacker deleting the backups and production servers the remaining funds within the Exchange cryptocurrency wallets are effectively inaccessible/lost. Not only to Altilly but also the attacker, due to database and server encryption."

"We know that a small number of people are already beginning to call the attack an exit scam, and suggestions of the attack being an inside job are totally untrue and unfounded."

"First, we must complete the audit required to understand which users have had funds stolen, this could take up to three months, due to lack of access to backup information. Second, we aim to repay everyone within 6 months, this timeframe is subject to change."

"The Altilly team are monitoring all major stolen crypto currency addresses, and are ready to contact other exchanges with a view to stopping those funds being cashed out, or exchanged." "We have contacted the Swedish Data Inspection agency and reported the breach according to GDPR rules within 72 hours of the breach."

"The total amount stolen is circa 1mln USD. This is a large sum, but not impossible to repay."

"One possible solution would be to repay the stolen funds by utilising profit created by a number of other projects, completely unrelated to Altilly. Although to be clear, we are unable to make any cast-iron guarantees at this stage. More detail will be provided in due course."

"First, we must complete the audit required to understand which users have had funds stolen, this could take up to three months, due to lack of access to backup information."

"The Team is deeply saddened and embarrassed at what has transpired. Words can not describe how the team feels and the pain and suffering this news brings to everyone."

"You have our word that we will not rest until we have repaid affected users."

"Click on the button below to fill in the form so we can establish the users affected by the Altilly Exchange hack. Please note. You will have 60 days from today, to fill in the form. You can no longer claim your funds once these 60 days have passed. Final date is: 26th of February 2021 - 23:59 CET."

The Altilly exchange left all user funds in a hot wallet managed through their platform. They also kept copies of key information in "hot" backups.

While their hosting provider had 2FA on logins, there was a second login without 2FA which the hosting provider had erroneously left open to access the account, which the hacker was able to breach.

Since wallets were online, the funds were quickly taken.

HOW COULD THIS HAVE BEEN PREVENTED?

The Altilly platform stored all their funds online in a hot wallet. They did not set up a multi-signature wallet.

The theft could have been prevented if the funds were stored offline or if signatures from multiple trusted parties were required to release assets.

Check Our Framework For Safe Secure Exchange Platforms

SlowMist Hacked - SlowMist Zone (Jun 26)
ZKSwap - ZKSwap - Layer-2 for All (Aug 2)
ZKSwap price, ZKS chart, market cap, and info | CoinGecko (Aug 2)
@ZKSwapOfficial Twitter (Aug 2)
Announcement (Aug 2)
Altilly Crypto Exchange - Volume, Market Prices & Listings, Trading Pairs | Nomics (Aug 2)
@altillycom Twitter (Aug 2)
Altilly (Aug 2)
Altilly Cryptocurrency Exchange | CryptUnit (Aug 2)
Altilly.com Cryptocurrency Exchange Review : Step By Step Guide (Aug 2)
[ANN][EXCHANGE]Altilly Next Generation Crypto-Asset Exchange (Aug 2)
[ANN][EXCHANGE]Altilly Next Generation Crypto-Asset Exchange (Aug 2)
@PACcoinOfficial Twitter (Aug 2)
Crypto Exchange Altilly hacked  (Aug 2)
Altilly Services Website With Suspicious Activity Report (Aug 2)
Altilly (Aug 2)

More case studies

Uniswap
Doubling Scam

Cover
Protocol Hack