COINBENE

DESCRIPTION OF EVENTS

“On March 27, 2019, ZDnet reported on a widely rumored hack on Singapore-based exchange CoinBene. At the time of the alleged cyberattack, the exchange went into maintenance mode, which undoubtedly fueled speculation.” “On Monday (March 25, 2019), there were massive outgoing transactions from CoinBene’s hot wallet to an unknown wallet that did not exist prior to that Monday. These transactions reportedly involved every single ERC-20 token (totaling 109) held by the company.” “the fund transfers out of CoinBene’s hot wallet bore all the hallmarks of a hack.” “the [CoinBene] manager admitted to not knowing the source of the intrusion — while still telling the public that there was ongoing maintenance.” "MaxiMine sent CoinBene 1.9 billion MXM, despite its announcement saying the token distribution would be on a 1:1 basis. Thus, why did CoinBene receive an extra 700,000 MXM — which were worth about $77 million at the time — from MaxiMine?" When he asked how Coinbene could continue to allow trading for tokens they do not actually have on their exchange, Brierley was told, "You don't know how centralized exchanges work, David."

From the breadcrumbs, this seems pretty simple. Coinbene had a “secure” hot wallet system, which got hacked, resulting in the loss of a ton of different ERC20 tokens. The company didn’t want to appear hackable and insecure and suffer the reputation damage, so rather than be transparent about the matter, decided to ask the various teams behind the ERC20 tokens to help quietly reverse the transactions. Some, including the MaxiMine project, indulged the request, while others such as Howdoo, refused. This can be prevented by regular audits to expose any reserve shortfalls, and hot wallet insurance to cover any token losses.

Over $100 Million Missing: CoinBene Claims Maintenance, a Month of Questions Point Toward a Hack (Feb 15)
$356 million in cryptocurrency stolen in first three months of 2019 (Feb 15)
The Mystery of Coinbene's Missing Coins | CryptoGlobe (Feb 19)
Q1 2019 Cryptocurrency Anti-Money Laundering Report - CipherTrace (Feb 20)
Most Significant Hacks of 2019 — New Record of Twelve in One Year (Feb 23)
SlowMist Hacked - SlowMist Zone (Jun 26)
The 23 exchange hacks of 2019 (Aug 8)

More case studies

Tesler 2 False
Investment Opportunity

Ledger
CVHodl Theft