QUADRIGA INITIATIVE
CRYPTO WATCHDOG & FRAUD RECOVERY PLATFORM
A COMMUNITY-BASED, NOT-FOR-PROFIT
$1 300 000 USD
OCTOBER 2014
UNITED KINGDOM
MINTPAL
DESCRIPTION OF EVENTS
"The fast, efficient and secure cryptocurrency exchange." "MintPal Limited is a UK based private company (registered UK company #09009856) that focuses on the exchanging of cryptocurrencies. Launched in early 2014, we aim to provide the best user experience matched with quick support times." "Our team is made up of talented developers and network engineers who know how to build a fast, efficient and secure system that takes advantage of the latest web technologies. Check out our security page to find out more about the security precautions we have in place."
"Our beautiful interface allows you to trade in real-time with live updating prices so you never miss the action. At just 0.15% per trade for both BUY and SELL orders, we have some of the lowest trading fees in the industry. MintPal has been built with strong security principles in mind. We utilise COLD storage and strict firewalls. Our support team handle customer queries throughout the day, never will you experience a long wait for a reply."
"A secure and reliable trading environment. A fast matching engine that executes trades within milliseconds. The latest market data available to all users as fast as possible. A highly scalable architecture that can handle spikes of activity. An appealing and responsive user interface that is easy to use. Fast support responses, typically within 24 hours. Full DDoS protection with a leading provider. CDN Caching for all static content. Distributed wallets and Hot/Cold wallets. Tiered design from day 1 to improve scalability. Push instead of pull to deliver all market updates as fast as possible. 2 Factor Authentication as standard for all staff."
"We store the majority of our customer's funds in a secure offline wallet, with only a portion available in a 'hot' wallet for instant withdrawals. This method vastly improves security at a minor expense of large withdrawals requiring manual processing. We utilize a leading DDoS provider for all public facing content and cache all static content on a CDN to provide the fastest possible load times. All website components are logically separated and protected by physical firewalls for increased security. All employees are required to connect to a secure VPN before gaining access to any systems. All interaction with the website is required over HTTPS so all communication is encrypted via SSL. Customers can set up two-factor authentication for accounts with Google Authenticator to provide an extra layer of security. We use an industry recognised PCI (credit card provisioning compliance) scanning service to routinely scan the website to aid in locating any potential security issues. We use industry standard methods for preventing SQL Injection & XSS attacks on our website. In additional, all passwords & sensitive data are encrypted along with a static & random salt."
"[T]he cryptocurrency exchange gaining a lot of publicity recently for events such as the attack with Vericoin, requiring it to fork." "MintPal accepts no liability for any loss however so arising suffered as a result of any failure or fault in the service provided by MintPal. Any compensation shall be at the discretion of MintPal."
"MintPal will not be responsible for any damages that you may suffer. MintPal makes no warranties of any kind, expressed or implied for services we provide. MintPal disclaims any warranty or merchantability or fitness for a particular purpose. This includes loss of data resulting from delays, non-deliveries, wrong delivery, and any and all service interruptions caused by MintPal and its employees."
"Moolah has recently picked up Mintpal." “The exchange was acquired by Moopay executive “Alex Green” who many believe was a shady scammer."
"Our first action to take regarding MintPal, is to beef up the security, make a number of performance tweaks; do a formal audit and review of operational procedures. Once this is done, we will focus on introducing new features to both platforms. They already have a great platform, we just need to make sure that all the doors are locked, and that none of the windows are open."
“A total of 3,894 BTC was stolen from Mintpal customers and never returned. Alex Green (also known by another alias, Ryan Kennedy) had fled the cryptocurrency scene. Green has since been arrested by the authorities, but for rape charges, as reported by Bitcoin.com”
"Thanks to all of you who have already donated, @CryptoCobain has sent the first 22 BTC raised directly to @Selachii_LLP to start proceedings" “How messy [the process] gets really depends on how cooperative Ryan is. The altcoins that didn't migrate to MintPal V2 – we estimate that to be around 1,000 BTC worth – we can return to users. The other missing amounts, including missing bitcoins, are still with Ryan and hopefully we can get him to cough up those as well. Then, we can return the bitcoins to customers and rebuild, rebrand from there.”
After previously learning a valuable lesson in why funds shouldn't be stored online, Mintpal decided that they'd allow the new (non background-checked) manager Alex Green full access to customer funds, and not maintain full reserves.
HOW COULD THIS HAVE BEEN PREVENTED?
Mintpal is one of those rare cases where all 3 prime causes of platform losses were present. Funds were stored online in the case of Vertcoin, there was no multi-sig employed, and full reserves were not maintained.
The Bitcoin Exchange Thefts You May Have Forgotten | Featured Bitcoin News (Jan 29)
UK Police Force Investigate the Defunct Mintpal Exchange and Owner | News Bitcoin News (Feb 3)
100 Crypto Thefts: A Timeline of Hacks, Glitches, Exit Scams, and other Lost Cryptocurrency Incidents (Jan 25)
List of Major Bitcoin Heists, Thefts, Hacks, Scams, and Losses (Feb 15)
Bitcoin Scams and Cryptocurrency Hacks List - BitcoinExchangeGuide.com (Mar 5)
SlowMist Hacked - SlowMist Zone (Jun 26)
The Guy Who Ruined Dogecoin (Oct 4)
Remembering the Mintpal Hack - October 2014 $3.500.000 Loss in Crypto Assets | Ledger (Oct 2)
https://www.ccn.com/alleged-moolah-fraudster-ryan-kennedy-faces-first-court-hearing/ (Oct 2)
@MintPalExchange Twitter (Oct 2)
@MintPalExchange Twitter (Oct 2)
Mintpal Hacked 'Considerable Amount' Of VeriCoin Stolen (Oct 2)
CoinDesk: Bitcoin, Ethereum, Crypto News and Price Data (Oct 3)
MintPal (Oct 3)
MintPal (Oct 3)
MintPal (Oct 3)
MintPal - Operation Sparrow : Bitcoin (Nov 13)
Mintpal is acquired by Moolah.io – Bitcoinist.com (Nov 13)
We’re taking over MintPal, here’s what you need to know. | Moolah (Nov 13)
VeriCoin's 'solution' to Mintpal hack - a dangerous precedent? : reddCoin (Oct 3)
Blockchain Aids Investigators as Ex-Mintpal CEO Arrested in the UK (Nov 29)
Dogecoin Started as a Joke and Became a Scam (Mar 26)
Worldwide crypto & NFT rug pulls and scams tracker - Comparitech (Dec 15)
