$42 000 USD

JULY 2012

RUSSIA

BTC-E

DESCRIPTION OF EVENTS

“On July 31, 2012, the BTC-E Liberty Reserve API secret key was broken. This key was shorter than it needed to be at only 16 characters long. The attacker initiated many Liberty Reserve deposits and injected large amounts of USD into the system, which were quickly sold for BTC. Not all BTC was withdrawn; official estimates state that the scope was limited to 4500 BTC. Similar to the June 2011 Mt. Gox Incident, the BTC-E market was disturbed during the duration of the hack. The handling of this hack was widely applauded after BTC-E revealed they would cover the losses and revert to a backup made just before the hack.”

 


It appears that the stolen balance was held in Liberty Reserve currency, which was then traded for BTC. Liberty Reserve provided a centralized payment network with coins backed by USD and EUR (similar to present-day stablecoins), and it exposed an API. The API key allowed payments to be automated, so a compromised key would let a perpetrator spend or transfer funds, much as a compromised private key would. The exploit was therefore simply that this key, which was effectively a hot wallet as far as the centralized Liberty Reserve was concerned, was compromised, making the incident very similar to a standard hot wallet hack.

HOW COULD THIS HAVE BEEN PREVENTED?

The stolen funds were not cryptocurrency and thus were not stored in multi-signature wallets. If a similar loss were to occur through another currency or through balance manipulation, it would be limited to the amount immediately withdrawable via the connected hot wallets. This kind of loss could therefore also be prevented through hot wallet contingency planning.

 



© 2019 - 2025 Quadriga Initiative. Your use of this site/service accepts the Terms of Use and Privacy Policy. This site is not associated with Ernst & Young, Miller Thompson, or the Official Committee of Affected Users. Hosted in Canada by HosterBox.