$100 000 000+ USD

APRIL 2019

INTERNATIONAL

COINBENE

DESCRIPTION OF EVENTS

“On March 27, 2019, ZDnet reported on a widely rumored hack on Singapore-based exchange CoinBene. At the time of the alleged cyberattack, the exchange went into maintenance mode, which undoubtedly fueled speculation.” “On Monday (March 25, 2019), there were massive outgoing transactions from CoinBene’s hot wallet to an unknown wallet that did not exist prior to that Monday. These transactions reportedly involved every single ERC-20 token (totaling 109) held by the company.” “the fund transfers out of CoinBene’s hot wallet bore all the hallmarks of a hack.” “the [CoinBene] manager admitted to not knowing the source of the intrusion — while still telling the public that there was ongoing maintenance.” "MaxiMine sent CoinBene 1.9 billion MXM, despite its announcement saying the token distribution would be on a 1:1 basis. Thus, why did CoinBene receive an extra 700,000 MXM — which were worth about $77 million at the time — from MaxiMine?" When he asked how Coinbene could continue to allow trading for tokens they do not actually have on their exchange, Brierley was told, "You don't know how centralized exchanges work, David."

From the breadcrumbs, this seems pretty simple. Coinbene had a “secure” hot wallet system, which got hacked, resulting in the loss of a ton of different ERC20 tokens. The company didn’t want to appear hackable and insecure and suffer the reputation damage, so rather than be transparent about the matter, decided to ask the various teams behind the ERC20 tokens to help quietly reverse the transactions. Some, including the MaxiMine project, indulged the request, while others such as Howdoo, refused. This can be prevented by regular audits to expose any reserve shortfalls, and hot wallet insurance to cover any token losses.

Sources And Further Reading

 For questions or enquiries, email info@quadrigainitiative.com.

Get Social

  • email
  • reddit
  • telegram
  • Twitter

© 2021 Quadriga Initiative. Your use of this site/service accepts the Terms of Use and Privacy Policy. This site is not associated with Ernst & Young, Miller Thompson, or the Official Committee of Affected Users. Hosted in Canada by HosterBox.