Cryptsy Exchange Hack: Difference between revisions
No edit summary |
No edit summary |
||
| Line 1: | Line 1: | ||
{{Imported Case Study|source=https://www.quadrigainitiative.com/casestudy/cryptsyexchangehack.php}} | {{Imported Case Study 2|source=https://www.quadrigainitiative.com/casestudy/cryptsyexchangehack.php}} | ||
{{Unattributed | {{Unattributed Sources}} | ||
[[File:Cryptsy.jpg|thumb|Cryptsy]]Cryptsy was once one of the leading platforms in the United States, allowing users to trade over 200 different cryptocurrencies. It was reportedly started as a hobby project in 2013, before growing rapidly. | [[File:Cryptsy.jpg|thumb|Cryptsy]]Cryptsy was once one of the leading platforms in the United States, allowing users to trade over 200 different cryptocurrencies. It was reportedly started as a hobby project in 2013, before growing rapidly. | ||
| Line 12: | Line 12: | ||
The coins were split into separate wallets with a balance of 1,000 bitcoin each, and stayed idle all the way until 2022. It appears that on March 29th, 2022, the balances on the theft accounts were split up further into even smaller wallets. There are no reports of any funds having been recovered from the hacker. | The coins were split into separate wallets with a balance of 1,000 bitcoin each, and stayed idle all the way until 2022. It appears that on March 29th, 2022, the balances on the theft accounts were split up further into even smaller wallets. There are no reports of any funds having been recovered from the hacker. | ||
This exchange or platform is based in United States, or the incident targeted people primarily in United States. | This exchange or platform is based in United States, or the incident targeted people primarily in United States.<ref name="bitcoinmagazine-6" /><ref name="kylegibson-86" /><ref name="bitcoinexchangeguide-218" /><ref name="newsdotbitcoin-7671" /><ref name="financemagnates-8405" /><ref name="cryptsysettlement-8406" /><ref name="cryptsyarchive-8407" /><ref name="cryptsyarchive-8408" /><ref name="coinmarketcap-8409" /><ref name="cryptsyblogarchive-8410" /><ref name="bitcointalkarchive-8411" /><ref name="bitcointalk-8412" /><ref name="alerj78github-8413" /><ref name="walletexplorer-8414" /><ref name="walletexplorer-8415" /><ref name="walletexplorer-8416" /><ref name="btcdotcom-8417" /><ref name="ltcarchive-8418" /><ref name="blockchair-8419" /><ref name="coinmarketcap-623" /><ref name="coinmarketcap-6787" /> | ||
<ref name="bitcoinmagazine-6" /><ref name="kylegibson-86" /><ref name="bitcoinexchangeguide-218" /><ref name="newsdotbitcoin-7671" /><ref name="financemagnates-8405" /><ref name="cryptsysettlement-8406" /><ref name="cryptsyarchive-8407" /><ref name="cryptsyarchive-8408" /><ref name="coinmarketcap-8409" /><ref name="cryptsyblogarchive-8410" /><ref name="bitcointalkarchive-8411" /><ref name="bitcointalk-8412" /><ref name="alerj78github-8413" /><ref name="walletexplorer-8414" /><ref name="walletexplorer-8415" /><ref name="walletexplorer-8416" /><ref name="btcdotcom-8417" /><ref name="ltcarchive-8418" /><ref name="blockchair-8419" /><ref name="coinmarketcap-623" /><ref name="coinmarketcap-6787" /> | |||
== About Cryptsy == | == About Cryptsy == | ||
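Review bot: Moving the 21 `<ref name="..." />` tags onto the end of the "This exchange or platform is based in United States ..." sentence attaches every source to a single generic location statement, so the page still has no per-claim attribution while `{{Unattributed Sources}}` remains at the top. Either keep the refs on their own line under that template until they are sorted, or place each ref beside the specific claim it supports. The same sentence should read "in the United States" in both places.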
| Line 87: | Line 86: | ||
!Description | !Description | ||
|- | |- | ||
|July 29th, 2014 6:57:00 AM | |July 29th, 2014 6:57:00 AM MDT | ||
|Main Event | |Main Event | ||
|Expand this into a brief description of what happened and the impact. If multiple lines are necessary, add them here. | |Expand this into a brief description of what happened and the impact. If multiple lines are necessary, add them here. | ||
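Review bot: The timeline row gains a time zone ("July 29th, 2014 6:57:00 AM MDT") but still carries no reference for the timestamp, and its Description cell is the unmodified template text ("Expand this into a brief description of what happened and the impact."). Add a ref on the row for where the time comes from and replace the placeholder with the actual event description.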
| Line 114: | Line 113: | ||
== Ongoing Developments == | == Ongoing Developments == | ||
What parts of this case are still remaining to be concluded? | What parts of this case are still remaining to be concluded? | ||
== General Prevention Policies == | |||
== Prevention Policies == | |||
The primary failure was that funds were stored online and no multi-signature setup was employed. The keys for the wallets should have been stored fully offline and certainly not on an internet-connected device. | The primary failure was that funds were stored online and no multi-signature setup was employed. The keys for the wallets should have been stored fully offline and certainly not on an internet-connected device. | ||
| Line 121: | Line 119: | ||
The attack was not disclosed and no resources were available to assist victims of the platform whose funds were taken. This soon resulted in the downfall of the Cryptsy platform. | The attack was not disclosed and no resources were available to assist victims of the platform whose funds were taken. This soon resulted in the downfall of the Cryptsy platform. | ||
== Individual Prevention Policies == | |||
{{Prevention:Individuals:Placeholder}} | |||
{{Prevention:Individuals:End}} | |||
== Platform Prevention Policies == | |||
{{Prevention:Platforms:Placeholder}} | |||
{{Prevention:Platforms:End}} | |||
== Regulatory Prevention Policies == | |||
{{Prevention:Regulators:Placeholder}} | |||
{{Prevention:Regulators:End}} | |||
== References == | == References == | ||
<references><ref name="bitcoinmagazine-6">[https://bitcoinmagazine.com/articles/infographic-overview-compromised-bitcoin-exchange-events Infographic: An Overview of Compromised Bitcoin Exchange Events] (Jan | <references><ref name="bitcoinmagazine-6">[https://bitcoinmagazine.com/articles/infographic-overview-compromised-bitcoin-exchange-events Infographic: An Overview of Compromised Bitcoin Exchange Events] (Jan 30, 2020)</ref> | ||
<ref name="kylegibson-86">[https://medium.com/@kylegibson/100-crypto-thefts-a-timeline-of-hacks-glitches-exit-scams-and-other-lost-cryptocurrency-873c87fd5522 100 Crypto Thefts: A Timeline of Hacks, Glitches, Exit Scams, and other Lost Cryptocurrency Incidents] (Jan 25, 2020)</ref> | <ref name="kylegibson-86">[https://medium.com/@kylegibson/100-crypto-thefts-a-timeline-of-hacks-glitches-exit-scams-and-other-lost-cryptocurrency-873c87fd5522 100 Crypto Thefts: A Timeline of Hacks, Glitches, Exit Scams, and other Lost Cryptocurrency Incidents] (Jan 25, 2020)</ref> | ||
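Review bot: The three sections added here (Individual, Platform and Regulatory Prevention Policies) contain only `{{Prevention:...:Placeholder}}` and `{{Prevention:...:End}}` templates, while the concrete points, such as the non-disclosure paragraph directly above them, stay under the general heading. Move each existing point under the audience it applies to (the disclosure point is a platform matter) so the new sections are not published empty.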
| Line 161: | Line 173: | ||
<ref name="blockchair-8419">[https://blockchair.com/litecoin/transaction/61e61a63f35c951a16870df9e0a34df462ee473fde819d134da9485d2e7d8f44 Litecoin / Transaction / 61e61a63f35c951a16870df9e0a34df462ee473fde819d134da9485d2e7d8f44 — Blockchair] (Jul 8, 2022)</ref> | <ref name="blockchair-8419">[https://blockchair.com/litecoin/transaction/61e61a63f35c951a16870df9e0a34df462ee473fde819d134da9485d2e7d8f44 Litecoin / Transaction / 61e61a63f35c951a16870df9e0a34df462ee473fde819d134da9485d2e7d8f44 — Blockchair] (Jul 8, 2022)</ref> | ||
<ref name="coinmarketcap-623">[https://coinmarketcap.com/currencies/bitcoin/historical-data/ Bitcoin price today, BTC live marketcap, chart, and info | CoinMarketCap] (May | <ref name="coinmarketcap-623">[https://coinmarketcap.com/currencies/bitcoin/historical-data/ Bitcoin price today, BTC live marketcap, chart, and info | CoinMarketCap] (May 16, 2021)</ref> | ||
<ref name="coinmarketcap-6787">[https://coinmarketcap.com/currencies/litecoin/historical-data/ https://coinmarketcap.com/currencies/litecoin/historical-data/] (Mar 1, 2022)</ref></references> | <ref name="coinmarketcap-6787">[https://coinmarketcap.com/currencies/litecoin/historical-data/ https://coinmarketcap.com/currencies/litecoin/historical-data/] (Mar 1, 2022)</ref></references> | ||
Revision as of 17:57, 12 April 2023
Cryptsy was once one of the leading platforms in the United States, allowing users to trade over 200 different cryptocurrencies. It was reportedly started as a hobby project in 2013, before growing rapidly.
One of the tokens listed on the Cryptsy platform was called Lucky7Coin, which was unique in that its mining algorithm was based on finding 7s instead of 0s like bitcoin or other coins. This project was eventually abandoned by its initial developer and a new developer took it over.
This developer mailed the Cryptsy team to notify them that he was taking over and provided them with a new IRC channel for the wallet. The IRC channel was used to provide information, and it appears that the wallet relied on this information to potentially execute additional instructions, which effectively turned the wallet into remote command-and-control malware.
It is believed that the developer used this backdoor to take funds from the Cryptsy exchange, which were largely stored "hot" on an internet-connected device running the backdoored wallet. 13,000 bitcoin and 300,000 litecoin were reportedly taken from the platform, though the blockchain shows slightly less (11325.0965 BTC and 247,507.99 LTC). This hack placed the Cryptsy exchange into a position of extreme insolvency and was not disclosed to the public, in order to avoid a panic. The Cryptsy platform continued to operate for another year and a half before failing to handle withdrawals and collapsing.
The coins were split into separate wallets with a balance of 1,000 bitcoin each, and stayed idle all the way until 2022. It appears that on March 29th, 2022, the balances on the theft accounts were split up further into even smaller wallets. There are no reports of any funds having been recovered from the hacker.
This exchange or platform is based in the United States, or the incident targeted people primarily in the United States.[1][2][3][4][5][6][7][8][9][10][11][12][13][14][15][16][17][18][19][20][21]
About Cryptsy
"Cryptsy was a US based crypto exchange and one of the most popular at that with a clear and easy to use interface specifically for trading crypto to crypto - for example dogecoin for litecoin. In this respect, Cryptsy was one of the leading crypto exchanges out there."
"Cryptsy was created as a hobby, because I was running around 25 different altcoin pools, from litecoin to Mintcoin to Feathercoin and many other coins; I just can’t name them all; I had too many different pools and there wasn’t a place where you can go and exchange all of them."
"2-3 weeks later, I hammered out most of the bugs that I found and started to get more and more sign-ups and these were people who were coming from elsewhere i.e. they weren’t coming from my pools and that was around May 2013, when I officially launched the site. I ran that for a while, just as a hobby for a few months and it started picking up more and more users, approximately 200-300 new users a day, and I wasn’t doing any kind of advertising and I still don’t do any kind of advertising."
"[A]round August 2013 is when I started considering that maybe I should make Cryptsy my full time job, I opened up a small office here in Florida, hired my first employee, who was my accountant, because of all the trading activity that started going on, I knew I needed somebody to keep track of all these numbers, so that was the first hire and then by October, I had left my job and started working for Cryptsy full time and by the end of that year, I probably had 4-5 employers working and I don’t know if you remember, but by November 2013, there was a huge explosion in trading, across all exchanges, not only on Cryptsy, but all, so that was a crazy month."
"I am not going to tell you all details [about our security] because this is classified info, but we have a lot of different layers. We use Incapsula, our DDoS protection provider, which is our first security layer and then, we have frontend web servers, which is our second security layer, and all of those have firewalls and all of our online databases are backened, so the rest of the services, servers and other stuff aren’t accessible from the public internet, which is a key strategy when trying to boost security as the best way to be secure is not to plug in to the internet. Our wallets have several security layers and they are really hard to get into even for me, so wallets’ security is a priority especially when you have a couple of hundred altcoins on the platform."
"The Company started offering fiat to Bitcoin and other altcoin pairs in 2014. The process of depositing and withdrawing fiat currency can take time as they use a variety of providers such as Interac and EgoPay, where other exchanges offer more simplistic methods to get any fiat currency into bitcoin. Initially, you could pay by cheque to the Company so the electronic transfer was a welcome change."
"The exchange had a rebate program as well as a tiered fee structure that changes with respect to your 14-day average volume. With the maximum discount in place, your trading fees were as low as 0.1% or as high as 0.33%. Internal transfers to other users were free of charge but withdrawals came with a standard industry surcharge."
"We have 322,000 users at the moment; of those 50,000-200,000 are active but it depends on how you classify someone is an “active trader”."
"Lucky7Coin (LK7) [was] a PoW/PoS coin in the family of PPCoin/Novacoin with latest available algorithms that fixed various problems in the recent PoW/PoS coins. As compared to the PoW only coins, the proof of stake coins are more resilient to 51% attack. Also it is a long term energy-efficient cryptocurrency." "[O]n 5/22/2014, [the Cryptsy platform] received [a] message from the new developer who wanted to maintain the codebase."
"Lucky7Coin is not maintained and I would like to take care of it. I have announced that on bitcointalk.org in Lucky7Coin thread. You’re the only exchange for this coin and I hope you will let me take care of it. I’m responsible. You don’t have to be afraid of errors or forks. I’m developing multipool and I know bitcoin internals and protocol."
"Branch “master” will always be for stable version, branch “devel” could be dirty. In a 2-3 weeks I’ll release new version with p2pool support and checkpoints. Before that I’ll contact you to check few blocks hashes for checkpoints and make sure there is no fork."
"[W]e were alerted in the early AM of a reduction in our safe/cold wallet balances of Bitcoin and Litecoin, as well as a couple other smaller cryptocurrencies." "2014-07-29 13:17:36 is when the event occurred." "After a period of time of investigation it was found that the developer of Lucky7Coin had placed an IRC backdoor into the code of wallet, which allowed it to act as a sort of a Trojan, or command and control unit. This Trojan had likely been there for months before it was able to collect enough information to perform the attack."
"Some may ask why we didn’t report this to the authorities when this occurred, and the answer is that we just didn’t know what happened, didn’t want to cause panic, and were unsure who exactly we should be contacting. At one time we had an open communication with Secret Service Agent Shaun Bridges on an unrelated matter, but I think we all know what happened with him – so he was no longer somebody we could report this to. Recently I attempted to contact the Miami FBI office to report this, but they instead directed me to report it on the I3C website. I’ve not heard anything from them."
"This of course was a critical event for Cryptsy, however at the time the website was earning more than it was spending and we still have some reserves of those cryptocurrencies on hand. The decision was made to pull from our profits to fill these wallets back up over time, thus attempting to avert complete closure of the website at that time. This worked fine for awhile, as profits decreased due to low volume and low Bitcoin prices, we would adjust our spending accordingly. It wasn’t until an article from Coinfire came out that contained many false accusations that things began to crumble. The article basically caused a bank-run, and since we only had so much in reserves for those currencies problems began."
"Cryptsy Announcement: http://blog.cryptsy.com/ ALL trading and deposits are OFF. More wallets opened for withdrawal 1/27/2016"
"In any case, it is our intent to get every user their funds. Depending on what option or combination of options we end up doing, this may take some time."
"Trades and withdrawals will be suspended on the site indefinitely until some sort of resolution can be made. Here are our options: (1) We shut down the website and file bankruptcy, letting users file claims via the bankruptcy process and letting the court make the disbursements. (2) Somebody else comes in to purchase and run Cryptsy while also making good on requested withdrawals. (3) If somehow we are able to re-acquire the stolen funds, then we allow all withdrawal requests to process. I’m obviously open to any other ideas people may have on this. If you have information, you can email."
"Following an attack on the crypto exchange, Cryptsy filed for insolvency in January 2016. Per the exchange, it lost around 13,000 Bitcoin and 300,000 Litecoin to the hackers, out of which approximately 10,000 Bitcoins belonged to its clients." "The site, which previously said that it would suspend trading and withdrawals indefinitely, has been taken offline as of press time."
What Happened
| Date | Event | Description |
|---|---|---|
| July 29th, 2014 6:57:00 AM MDT | Main Event | Expand this into a brief description of what happened and the impact. If multiple lines are necessary, add them here. |
Total Amount Lost
The total amount lost has been estimated at $8,516,000 USD.
Total Amount Recovered
There do not appear to have been any funds recovered in this case.
General Prevention Policies
The primary failure was that funds were stored online and no multi-signature setup was employed. The keys for the wallets should have been stored fully offline and certainly not on an internet-connected device.
Wallet software was installed from an untrusted and anonymous source and not carefully vetted by anyone.
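One way to act on the vetting point above, as an added example rather than anything published by Cryptsy or this wiki: a Python triage of the unified diff between the last reviewed wallet release and a new maintainer's release, blocking any file whose added lines combine IRC input with command execution or key access. The rule patterns, file names and the sample diff are constructed assumptions.

```python
import re
from collections import defaultdict

# Categories for lines ADDED by a new maintainer's release (illustrative only).
RULES = {
    "irc_channel": re.compile(r"PRIVMSG|\bJOIN\s+#|\birc\b|:6667\b", re.I),
    "process_exec": re.compile(r"\b(system|popen|exec[lv]p?e?|CreateProcess\w*)\s*\("),
    "key_access": re.compile(r"wallet\.dat|dumpprivkey|GetSecret|\bCKey\b"),
}
# Early Bitcoin-derived code used IRC for peer discovery, so an IRC hit alone is
# only a note; IRC input beside command execution or key access blocks deploy.
BLOCKING = [("irc_channel", "process_exec"), ("irc_channel", "key_access")]
HUNK = re.compile(r"@@ -\d+(?:,(\d+))? \+(\d+)(?:,(\d+))? @@")

# Constructed sample diff (not real project code); ExampleCoin is hypothetical.
SAMPLE_DIFF = """\
diff --git a/src/irc.cpp b/src/irc.cpp
--- a/src/irc.cpp
+++ b/src/irc.cpp
@@ -210,3 +210,6 @@
         if (vWords[1] == "352")
         {
+            // constructed stand-in: channel text reaches a command call
+            if (strLine.find("PRIVMSG") != string::npos)
+                popen(vWords[3].c_str(), "r");
             // index 7 is limited to 16 characters
diff --git a/README.md b/README.md
--- a/README.md
+++ b/README.md
@@ -1,1 +1,2 @@
 ExampleCoin
+Support: join #example-coin on irc.example.invalid
"""


def triage_diff(diff_text):
    """Return {path: {category: [(new_line_no, text), ...]}} for added lines."""
    findings = defaultdict(lambda: defaultdict(list))
    path, new_no, old_left, new_left = None, 0, 0, 0
    for line in diff_text.splitlines():
        if old_left <= 0 and new_left <= 0:   # outside a hunk: headers only
            if line.startswith("+++ "):
                path = re.sub(r"^b/", "", line[4:].split("\t")[0])
            m = HUNK.match(line)
            if m:                             # counts say how long the hunk is
                old_left = int(m.group(1) or 1)
                new_no = int(m.group(2))
                new_left = int(m.group(3) or 1)
        elif line.startswith("-"):            # removed line
            old_left -= 1
        elif line.startswith("+"):            # added line: apply the rules
            for category, rx in RULES.items():
                if rx.search(line[1:]):
                    findings[path][category].append((new_no, line[1:].strip()))
            new_no += 1
            new_left -= 1
        elif not line.startswith("\\"):       # context line
            old_left -= 1
            new_left -= 1
            new_no += 1
    return findings


def verdict(findings):
    """Return {path: [blocking category pairs]} for files that must not ship."""
    hits = {p: [b for b in BLOCKING if b[0] in c and b[1] in c]
            for p, c in findings.items()}
    return {p: h for p, h in hits.items() if h}
```

A blocked file means a human reads the whole change before the binary is built; a clean result only means these particular patterns were not added, so the wallet still belongs on a host that holds no significant keys.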
The attack was not disclosed and no resources were available to assist victims of the platform whose funds were taken. This soon resulted in the downfall of the Cryptsy platform.
Individual Prevention Policies
No specific policies for individual prevention have yet been identified in this case.
Platform Prevention Policies
Policies for platforms to take to prevent this situation have not yet been selected in this case.
Regulatory Prevention Policies
No specific regulatory policies have yet been identified in this case.
References
1. Infographic: An Overview of Compromised Bitcoin Exchange Events (Jan 30, 2020)
2. 100 Crypto Thefts: A Timeline of Hacks, Glitches, Exit Scams, and other Lost Cryptocurrency Incidents (Jan 25, 2020)
3. Bitcoin Scams and Cryptocurrency Hacks List - BitcoinExchangeGuide.com (Mar 5, 2020)
4. Cryptsy CEO Indicted for Defrauding Crypto Investors, Destroying Evidence – Regulation Bitcoin News (May 7, 2022)
5. Coinbase Settles Cryptsy Victims' Lawsuit for $1 Million (Jul 8, 2022)
6. https://www.cryptsysettlement.com/ (Jul 8, 2022)
7. Cryptsy - Trade Home (Jul 8, 2022)
8. Cryptsy - Trade Home (Jul 8, 2022)
9. https://coinmarketcap.com/exchanges/cryptsy/ (Jul 8, 2022)
10. Cryptsy Blog (Jul 8, 2022)
11. [ANN][LK7] Lucky7Coin - PoW/PoS, BonusBlock based on your lucky 7s! |No Premine (Jul 8, 2022)
12. [ANN][LK7] Lucky7Coin - PoW/PoS, BonusBlock based on your lucky 7s! |No Premine (Jul 8, 2022)
13. GitHub - alerj78/lucky7coin (Jul 8, 2022)
14. 0c07e0bec1002bd2 [WalletExplorer.com] (Jul 8, 2022)
15. b16b6dbcdba373b3 [WalletExplorer.com] (Jul 8, 2022)
16. c7b46a79fd8887038bd3a8e884b04820038415a60e0b9d2c2f5bcff68a2687bf [WalletExplorer.com] (Jul 8, 2022)
17. Cryptsy's CEO - A Hard Man In The Face of Coinfire's Aggro!!! (Jul 8, 2022)
18. https://web.archive.org/web/20160317160556/http://ltc.blockr.io/tx/info/61e61a63f35c951a16870df9e0a34df462ee473fde819d134da9485d2e7d8f44 (Jul 8, 2022)
19. Litecoin / Transaction / 61e61a63f35c951a16870df9e0a34df462ee473fde819d134da9485d2e7d8f44 — Blockchair (Jul 8, 2022)
20. Bitcoin price today, BTC live marketcap, chart, and info | CoinMarketCap (May 16, 2021)
21. https://coinmarketcap.com/currencies/litecoin/historical-data/ (Mar 1, 2022)