QUADRIGA INITIATIVE
CRYPTO WATCHDOG & FRAUD RECOVERY PLATFORM
A COMMUNITY-BASED, NOT-FOR-PROFIT
$82 000 USD
NOVEMBER 2020
UNITED STATES
CELSIUS NETWORK
DESCRIPTION OF EVENTS

"Celsius Network is a cryptocurrency loan company." "Celsius was founded in 2017 with the mission to harness blockchain technology to provide unprecedented financial freedom, economic opportunity, and income equality for the 99%." "Celsius Network Limited was incorporated on 9 February 2018."
"Celsius is proud to provide a platform of curated services that have been abandoned by big banks – things like fair interest, zero fees, and lightning quick transactions. Our goal is to disrupt the financial industry, one happy user at a time, and introduce financial freedom through crypto."
"Celsius is not a bank, depository institution, custodian or fiduciary and the assets in your Celsius account are not insured by any private or governmental insurance plan (including FDIC or SIPC), nor are they covered by any compensation scheme (including FSCS)."
"Fraudsters redirected email and web traffic destined for several cryptocurrency trading platforms over the past week [prior to November 21st, 2020]. The attacks were facilitated by scams targeting employees at GoDaddy, the world’s largest domain name registrar, KrebsOnSecurity has learned." "The result shows that several other cryptocurrency platforms also may have been targeted by the same group, including Celsius.network. None of these companies responded to requests for comment."
"Lydia-Sweet10, a Reddit user with only posts on her negative Celsius experience, claimed her account was hacked." "This all started at the same time Celsius DNS servers were taken down in early Nov and they assured everyone their crypto was safe." "Celsius locked me out of my account for a month when I could have been ramping up my security." "I was locked out of my own account since Nov 12th[, 2020] and the theft occurred Nov 30th." "I personally got my Celsius account hacked and over 4 bitcoin ($82000) were stolen." "4.25 BTC was stolen by a “Wasabi” hack that broke up the BTC in smaller pieces and moved it to many wallets."
"The Celsius servers went down in early November and I believe a breach occurred then when hackers were able to get some user names." "Additional security features should have been implemented when you sign up for Celsius. Hodl mode would have definitely helped but security is not where it should be."
"Celsius was very slow to respond and has not managed the problem well at all." "I contacted them MANY times via email and phone with very little to no response during the whole month of Nov." "Here it is three months later and they haven’t really responded in any coherent way."
"I am still trying to get to the bottom of this by hiring a fraud investigation firm." "I hired a fraud investigator and the local police department who subpoenaed Celsius for the records to trace the theft of bitcoin."
"So far Celsius still says they are looking into it 3 mo after the theft with no explanation given." "They say they’re working on it. They were absolutely impossible to get a response from for weeks while I was being locked out of my wallet and emailing them every day as to why." "It’s been very frustrating!"
Although Celsius has not confirmed it, one of their customers reports having been hacked out of $82,000 worth of cryptocurrency. If the claim is true, Celsius may have had their DNS compromised and customers redirected to an attacker's website. Attackers can set up proxies on similar-looking domains and intercept interactions with the website. Since those interactions might then come from a suspicious IP address, locking the account would make sense. The attacker (who had the password) may have been able to log in later and request the withdrawal. It sounds like they used Wasabi CoinJoin to mix the coins and cover their trail.
HOW COULD THIS HAVE BEEN PREVENTED?
The primary failure in the Celsius process was not requesting a universal change of account credentials after the DNS vulnerability was resolved. The DNS vulnerability may have occurred due to an insider at GoDaddy, where the domain was registered. Strong multi-factor authentication on all transactions, including confirmation on addition of withdrawal addresses, can provide additional certainty that it's the real customer making the withdrawal request.
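The three controls named above (a forced credential reset after the DNS incident, multi-factor confirmation when a withdrawal address is added, and multi-factor authentication on the withdrawal itself) can be expressed as a single withdrawal gate. This is an added example, not code from Celsius or from this page's sources; the `Account` model, function names, reason codes, dates and addresses are all hypothetical and constructed for illustration.

```python
from dataclasses import dataclass, field
from datetime import datetime

@dataclass
class Account:
    password_changed_at: datetime
    # Withdrawal addresses the owner confirmed with a second factor.
    confirmed_addresses: set = field(default_factory=set)

def add_withdrawal_address(acct, address, mfa_ok):
    """Register a destination only when the request carries a valid second factor."""
    if not mfa_ok:
        return False
    acct.confirmed_addresses.add(address)
    return True

def withdrawal_decision(acct, address, mfa_ok, dns_resolved_at=None):
    """Return (allowed, reason); checks run from the broadest control to the narrowest."""
    # Passwords set before the DNS incident was resolved may have been entered
    # on an attacker's proxy, so they are not accepted for withdrawals.
    if dns_resolved_at is not None and acct.password_changed_at < dns_resolved_at:
        return False, "credential_reset_required"
    if address not in acct.confirmed_addresses:
        return False, "address_not_confirmed"
    if not mfa_ok:
        return False, "mfa_required"
    return True, "ok"

def replay_constructed_timeline():
    """Constructed scenario: dates and addresses are placeholders, not incident data."""
    resolved = datetime(2020, 11, 20)  # assumed resolution date
    acct = Account(password_changed_at=datetime(2020, 6, 1))
    acct.confirmed_addresses.add("owner-address-placeholder")
    results = []
    # A party holding only the intercepted password, with no second factor.
    results.append(add_withdrawal_address(acct, "unknown-address-placeholder", mfa_ok=False))
    results.append(withdrawal_decision(acct, "unknown-address-placeholder", False, resolved))
    # The owner resets the password after the incident and withdraws with MFA.
    acct.password_changed_at = datetime(2020, 11, 21)
    results.append(withdrawal_decision(acct, "unknown-address-placeholder", False, resolved))
    results.append(withdrawal_decision(acct, "owner-address-placeholder", True, resolved))
    return results

if __name__ == "__main__":
    for outcome in replay_constructed_timeline():
        print(outcome)
```

The credential check runs first because it applies to every account at once, while the address and transaction checks still block a withdrawal once the password has been reset.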
Under our proposed framework, platforms undergo periodic reviews of their security procedures once every 6 months. They choose a firm from among the approved options and must rotate so that the same firms aren't regularly repeated, which yields a stronger opinion. A portion of funds is set aside in an industry insurance fund, which is available to handle events like these. Each incident would be fully reported so that all platforms can benefit from the knowledge and understanding.
Is Celsius Network Safe To Put Your Money (Updated Dec'21 on BadgerDAO) (Jan 30)
Celsius Network | Earn Crypto, Borrow Cash and Unbank Yourself (Jan 30)
About Us | Unbank Yourself (Jan 30)
How secure is celsius ? : CelsiusNetwork (Feb 5)
How safe is Celsius? How to avoid ending up like KuCoin or falling victim to coins being hacked? : CelsiusNetwork (Feb 5)
Celsius should spend more resources for customer care than expanding new features : CelsiusNetwork (Feb 5)
So about that DNS issue.... : CelsiusNetwork (Feb 5)
GoDaddy Employees Used in Attacks on Multiple Cryptocurrency Services – Krebs on Security (Feb 5)
