Ascendex Hot Wallet Hack: Difference between revisions
No edit summary |
No edit summary |
||
| Line 1: | Line 1: | ||
{{Imported Case Study|source=https://www.quadrigainitiative.com/casestudy/ascendexhotwallethack.php}} | {{Imported Case Study 2|source=https://www.quadrigainitiative.com/casestudy/ascendexhotwallethack.php}} | ||
{{Unattributed Sources}} | {{Unattributed Sources}} | ||
[[File:Ascendex.jpg|thumb|Ascendex]]BitMax, now renamed AscendEx, suffered a security breach which occurred when an unauthorized actor was able to gain an unauthorized bypass into their hot wallets by exploiting a hardware vulnerability. The total funds taken were estimated at $77.7m, and varied across a wide range of currencies. The majority of funds on the platform remain safe as they were in cold storage, and the exchange has vowed to cover all user balances. | [[File:Ascendex.jpg|thumb|Ascendex]]BitMax, now renamed AscendEx, suffered a security breach which occurred when an unauthorized actor was able to gain an unauthorized bypass into their hot wallets by exploiting a hardware vulnerability. The total funds taken were estimated at $77.7m, and varied across a wide range of currencies. The majority of funds on the platform remain safe as they were in cold storage, and the exchange has vowed to cover all user balances. | ||
This exchange or platform is based in Singapore, or the incident targeted people primarily in Singapore. | This exchange or platform is based in Singapore, or the incident targeted people primarily in Singapore.<ref name="newsdotbitcoin-4730" /><ref name="ascendex-4731" /><ref name="coincunews-4732" /><ref name="coincunews-4733" /><ref name="ascendex-4734" /><ref name="cointelegraph-4735" /><ref name="instagram-4736" /><ref name="peckshieldtwitter-4737" /><ref name="ascendex-4738" /><ref name="ascendex-4739" /><ref name="ascendex-4740" /><ref name="ascendex-4741" /><ref name="ascendex-4742" /><ref name="ascendex-4743" /><ref name="ascendex-4744" /><ref name="ascendex-4745" /><ref name="ascendexglobaltwitter-4746" /><ref name="ascendexmedium-4747" /><ref name="businessinsider-4748" /><ref name="businesswire-4749" /><ref name="coingeek-4750" /><ref name="cryptopotato-4751" /><ref name="cryptobriefing-4752" /><ref name="zdnet-4753" /><ref name="ascendexglobaltwitter-4754" /><ref name="theblockcrypto-4755" /><ref name="coindesk-4756" /><ref name="cryptonews-9850" /><ref name="cryptonews-9852" /> | ||
<ref name="newsdotbitcoin-4730" /><ref name="ascendex-4731" /><ref name="coincunews-4732" /><ref name="coincunews-4733" /><ref name="ascendex-4734" /><ref name="cointelegraph-4735" /><ref name="instagram-4736" /><ref name="peckshieldtwitter-4737" /><ref name="ascendex-4738" /><ref name="ascendex-4739" /><ref name="ascendex-4740" /><ref name="ascendex-4741" /><ref name="ascendex-4742" /><ref name="ascendex-4743" /><ref name="ascendex-4744" /><ref name="ascendex-4745" /><ref name="ascendexglobaltwitter-4746" /><ref name="ascendexmedium-4747" /><ref name="businessinsider-4748" /><ref name="businesswire-4749" /><ref name="coingeek-4750" /><ref name="cryptopotato-4751" /><ref name="cryptobriefing-4752" /><ref name="zdnet-4753" /><ref name="ascendexglobaltwitter-4754" /><ref name="theblockcrypto-4755" /><ref name="coindesk-4756" /><ref name="cryptonews-9850" /><ref name="cryptonews-9852" /> | |||
== About Ascendex == | == About Ascendex == | ||
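Review bot: The 29 `<ref name=... />` tags moved onto the end of the "based in Singapore" sentence in this hunk now read as if every source supports that one jurisdiction statement, while `{{Unattributed Sources}}` on the line above still marks the sources as not attributed to any text. Keep the tags on their own line until each one is placed next to the claim it supports, or attach only the sources that actually state where the exchange is based. The switch from `Imported Case Study` to `Imported Case Study 2` also comes with no edit summary, so a short note on what the second template changes would help later editors.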
| Line 79: | Line 78: | ||
!Description | !Description | ||
|- | |- | ||
|December 11th, 2021 | |December 11th, 2021 | ||
|Main Event | |Main Event | ||
|Expand this into a brief description of what happened and the impact. If multiple lines are necessary, add them here. | |Expand this into a brief description of what happened and the impact. If multiple lines are necessary, add them here. | ||
| Line 87: | Line 86: | ||
| | | | ||
|} | |} | ||
== Technical Details == | |||
This section includes specific detailed technical analysis of any security breaches which happened. What specific software vulnerabilities contributed to the problem and how were they exploited? | |||
== Total Amount Lost == | == Total Amount Lost == | ||
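Review bot: The added "Technical Details" section contains only the template prompt, and that prompt asks for "specific software vulnerabilities" while the lead paragraph attributes the breach to "a hardware vulnerability". Reword the prompt so it does not presume a software cause, or replace it with the sourced statement about the hardware issue, so the section does not contradict the lead.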
| Line 106: | Line 108: | ||
== Ongoing Developments == | == Ongoing Developments == | ||
What parts of this case are still remaining to be concluded? | What parts of this case are still remaining to be concluded? | ||
== General Prevention Policies == | |||
While the most secure storage by far is a multi-signature wallet with all keys properly held by trained individuals, security of hot wallets can be improved by having additional experts review the security of systems. Our proposed framework sees 2 reviews prior to launch, and regular reviews on an ongoing basis. In the event of a breach, a comprehensive industry insurance fund would be available, which handles fraud and covers additional events beyond self-insurance. | |||
== Individual Prevention Policies == | |||
{{Prevention:Individuals:Placeholder}} | |||
{{Prevention:Individuals:End}} | |||
== Platform Prevention Policies == | |||
{{Prevention:Platforms:Placeholder}} | |||
{{Prevention:Platforms:End}} | |||
== Regulatory Prevention Policies == | |||
{{Prevention:Regulators:Placeholder}} | |||
{{Prevention:Regulators:End}} | |||
== References == | == References == | ||
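Review bot: The added "General Prevention Policies" paragraph speaks in the first person ("Our proposed framework sees 2 reviews prior to launch") without saying whose framework it is, and the three new Individual, Platform and Regulatory sections hold only `Placeholder`/`End` template pairs. Name or link the framework, and consider leaving the three placeholder sections out until a policy has actually been selected for this case.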
Revision as of 15:34, 7 May 2023
Notice: This page is a freshly imported case study from the original repository. The original content was in a different format, and may not have relevant information for all sections. Please help restructure the content by moving information from the 'About' and 'General Prevention' sections to other sections, and add any missing information or sources you can find. If you are new here, please read General Tutorial on Wikis or Anatomy of a Case Study for help getting started.
Notice: This page contains sources which are not attributed to any text. The unattributed sources follow the initial description. Please assist by visiting each source, reviewing the content, and placing that reference next to any text it can be used to support. Feel free to add any information that you come across which isn't present already. Sources which don't contain any relevant information can be removed. Broken links can be replaced with versions from the Internet Archive. See General Tutorial on Wikis, Anatomy of a Case Study, and/or Citing Your Sources Guide for additional information. Thanks for your help!
BitMax, now renamed AscendEx, suffered a security breach in which an unauthorized actor gained access to its hot wallets by exploiting a hardware vulnerability. The total funds taken were estimated at $77.7m, spread across a wide range of currencies. The majority of funds on the platform remain safe, as they were held in cold storage, and the exchange has vowed to cover all user balances.
This exchange or platform is based in Singapore, or the incident targeted people primarily in Singapore.[1][2][3][4][5][6][7][8][9][10][11][12][13][14][15][16][17][18][19][20][21][22][23][24][25][26][27][28][29]
About Ascendex
"AscendEX, launched under the name “BitMax” in July 2018, offers exchange, custody, and staking services to over one million retail and institutional clients globally." "Buy and sell BTC, ETH, LTC, DOGE, and other altcoins." "Trade over 100 cryptocurrencies including BTC, ETH, LTC, DOGE, Altcoins, Stablecoins and Platform Tokens." "AscendEX is a leading global digital asset financial platform founded by a group of Wall Street quantitative trading veterans in 2018." "AscendEX has a total of 253 tokens listed and provides innovative product offerings, including: ASD Investment Multiple Cards, Airdrop Multiple Cards, Staking Services, and more." "The Singapore-based cryptocurrency exchange AscendEX [was] formerly known as BitMax until March 2021."
"SINGAPORE--(BUSINESS WIRE)--AscendEX, a global cryptocurrency financial platform, has announced the close of a $50 million Series B raise led by Polychain Capital and Hack VC, with participation from Jump Capital and Alameda Research, as well as Uncorrelated Ventures, Eterna Capital, Acheron Trading, Nothing Research, and Palm Drive Capital. Imperii Partners served as an exclusive financial advisor to AscendEX in support of the Series B fundraise process."
“We are grateful to have very prominent investors involved in our latest fundraising round,” said George Cao, CEO and Co-founder of AscendEX. “Polychain Capital and Hack VC, as active catalysts of the DeFi ecosystem, have backed some of the industry’s most innovative blockchain networks, exchanges, and trading institutions. Similarly, Alameda Research, founded by Sam Bankman-Fried, has emerged as one of the most prolific investors in the industry, fueling growth within both CeFi and DeFi. Participation from Jump Capital, a seasoned Crypto and Fintech investor, further showcases the success of our deep roots in traditional finance, as AscendEX’s core team is proud of our extensive experience in Wall Street quant trading.”
"2021 has been another year of accelerated growth for all of us at AscendEX! The year began with a major milestone -- AscendEX’s native token ASD (previously BTMX) ranked as one of the “top 100” cryptocurrencies, which was a remarkable testament to our growth and the contributions from market participants, global users, and the greater blockchain industry. Throughout the year, the AscendEX team has accelerated our tradition of continuous product innovation and client-first strategies by further enhancing our platform’s core functionalities, expanding our global communities, and driving brand awareness. As the market matures with broader adoption underway, AscendEX continues to rise through consistency and excellence in performance and delivery in the ever-evolving digital asset industry."
"At around 22:00 UTC on Dec 11, 2021, AscendEX’s internal security audit report identified that a number of ERC-20, BSC, and Polygon tokens were transferred out of the exchange’s hot wallets." "On December 11th, an individual or number of criminal actors gained unauthorized passthrough access to AscendEX’s hot wallet infrastructure and initiated a number of transfers on the Ethereum, Polygon, Binance Smart Chain, Litecoin, and Bitcoin Cash networks."
"Of the stolen tokens, the relatively unknown Taraxa (TARA) accounted for the highest figure at $10.8 million. TARA is the native token of the Taraxa network, which claims to be purpose-built for audit logging of informal transactions." "Other impacted tokens include Tether (USDT) with a loss of $5.7 million, USD Coin (USDC) at $5 million, Shiba Inu worth $145,000 and Polygon MATIC valued at $691,000." "An in-depth security audit identified the breach as the result of an exploit of hardware-level vulnerability from third-party infrastructure utilized by AscendEX. The infiltration was carried out by highly sophisticated perpetrators."
"22:00 UTC 12/11, We have detected a number of ERC-20, BSC, and Polygon tokens transferred from our hot wallet. Cold Wallet is NOT affected. Investigation underway. If any user’s funds are affected by the incident, they will be covered completely by AscendEX." "These assets constituted a relatively small percentage of total exchange holdings. AscendEX cold wallets are unaffected by this incident."
"We have confirmed movement of the funds across ERC-20, Polygon, BSC, and xDAI wallets." "Shortly after these unauthorized transactions occurred, our internal monitoring systems detected an anomaly and initiated emergency security protocols." "We immediately initiated our security protocols and have implemented a number of concrete actions to mitigate the impact to our community and resolve this in earnest." "Out of the lot, around $60 million worth of tokens were transferred over the Ethereum blockchain alone. Tokens stolen from BSC and Polygon are worth $9.2 million and $8.5 million, respectively."
"We have temporarily halted all deposits and withdrawals from the platform and are working diligently to restore this service gradually after it is completely safe and secure to do so. Following a thorough security review, we will reopen the platform and allow all users to transfer assets. Trading remains active and has not been halted." "Trading, staking, and yield farming services remain active and has not been halted."
"[W]e want to reinforce our commitment to providing a secure and trusted environment for our users and resolving this situation quickly and efficiently." "We are in the process of standing up a new hot wallet infrastructure and estimate deposits and withdrawals to resume in the next 36 – 48 hours. Trading, staking, and yield farming services have not been impacted by this security incident and remain active. We plan to resume withdrawals gradually, beginning with Ethereum. Any user that wishes to withdraw their assets will be permitted to do so in an uninterrupted capacity once withdrawals reopen for the particular coin or token."
"AscendEX will release a comprehensive security post-mortem report in the coming days to provide transparency on the root cause of the incident as well as the actions we have taken to mitigate future risks." "In its post-mortem, the Singaporean exchange claimed to have identified the perpetrators’ wallets to be with Binance, Bitfinex, and OKEx."
"Doing right by our customers is our obligation. Any impacted customers will be 100% reimbursed for their losses. Especially in the cryptocurrency industry, where community is the driving force of innovation, it is important for AscendEX to always remain true to our users," the company said.
"AscendEX will fully reimburse all affected customers. Unimpacted assets have been transferred to our cold wallet for security as we continue to investigate." "We are working with all impacted projects to mitigate any potential damage to their communities and have encouraged impacted projects to freeze transfers, as contracts allow. Many projects are exploring the possibility of reissuing tokens to users." "AscendEX is working very closely with token projects and encouraging all heavily impacted projects to pursue token swaps to ensure network integrity and limit the impact to their community. Bemil Coin and Zignaly are two examples of heavily impacted projects that have exercised a token swap. AscendEX is supportive of this recourse as a way to protect the integrity of the projects’ networks."
"AscendEX continues to work in close collaboration with token projects to protect not only our community, but theirs, as well. We are supporting engineering costs for projects that perform token swaps, and many of the heavily impacted projects have already begun these swaps to ensure network integrity. Bemil Coin and Zignaly have been the first to exercise token swaps and have saved their communities more than $8M worth of tokens as a result." "Of the projects that were impacted by the attack, five have conducted a smart contract migration. These projects are Zignaly, Bemil Coin, Gather, BTC Proxy, and Aubit. As a result of the swift action taken by these projects, over $10 million in assets were recovered."
"We have deployed a completely new hot wallet infrastructure, meaning no single aspect of our legacy technology or hardware was reused." "The new infrastructure not only addresses the root cause of the issue, but it exhausts many additional redundant security measures and fail-safes to ensure a breach is probabilistically unfeasible using Defense in Depth (“DiD”) techniques." "Accordingly, each account has been assigned NEW deposit addresses for each network. Deposits must be made to newly assigned addresses in order to be credited."
"Deposit and withdrawals services will begin with Ethereum and we will gradually resume services for other assets to ensure a smooth reopening of the platform. Any user that wishes to withdraw their assets will be permitted to do so once withdrawals reopen for the particular coin or token. As a reminder, trading, staking, and yield farming services have not been impacted by this security incident and remain active." "We’re happy to announce that deposits and withdrawals will be opened at approximately 3:00 UTC, December 16th."
"AscendEX has been working closely with law enforcement and cybersecurity institutions including Ledger and Chainalysis to reinforce process controls, infrastructure security, compliance, and account-level security leveraging industry-leading security controls." "We are working with law enforcement and collaborating with leading blockchain forensic firms to track and monitor the transferred assets. We have also communicated with other exchanges to blacklist the wallets associated with the incident."
"As always, we are grateful for your continued support. As the investigation continues, we will remain in regular communication with our users, projects, and other key members of the community to resolve this situation and ensure timely, equitable solutions for any impacted users."
The background of the exchange platform, service, or individuals involved, as it would have been seen or understood at the time of the events.
Include:
- Known history of when and how the service was started.
- What problems does the company or service claim to solve?
- What marketing materials were used by the firm or business?
- Audits performed, and excerpts that may have been included.
- Business registration documents shown (fake or legitimate).
- How were people recruited to participate?
- Public warnings and announcements prior to the event.
Don't Include:
- Any wording which directly states or implies that the business is/was illegitimate, or that a vulnerability existed.
- Anything that wasn't reasonably knowable at the time of the event.
There could be more than one section here. If the same platform is involved with multiple incidents, then it can be linked to a main article page.
The Reality
This section is included if a case involved deception or information that was unknown at the time. Examples include:
- When the service was actually started (if different than the "official story").
- Who actually ran a service and their own personal history.
- How the service was structured behind the scenes. (For example, there was no "trading bot".)
- Details of what audits reported and how vulnerabilities were missed during auditing.
What Happened
The specific events of the loss and how it came about. What actually happened to cause the loss and some of the events leading up to it.
| Date | Event | Description |
|---|---|---|
| December 11th, 2021 | Main Event | Expand this into a brief description of what happened and the impact. If multiple lines are necessary, add them here. |
Technical Details
This section includes specific detailed technical analysis of any security breaches which happened. What specific software vulnerabilities contributed to the problem and how were they exploited?
Total Amount Lost
The total amount lost has been estimated at $77,700,000 USD.
How much was lost and how was it calculated? If there are conflicting reports, which are accurate and where does the discrepancy lie?
Immediate Reactions
How did the various parties involved (firm, platform, management, and/or affected individual(s)) deal with the events? Were services shut down? Were announcements made? Were groups formed?
Ultimate Outcome
What was the end result? Was any investigation done? Were any individuals prosecuted? Was there a lawsuit? Was any tracing done?
Total Amount Recovered
There do not appear to have been any funds recovered in this case.
What funds were recovered? What funds were reimbursed for those affected users?
Ongoing Developments
What parts of this case are still remaining to be concluded?
General Prevention Policies
While the most secure storage by far is a multi-signature wallet with all keys properly held by trained individuals, security of hot wallets can be improved by having additional experts review the security of systems. Our proposed framework sees 2 reviews prior to launch, and regular reviews on an ongoing basis. In the event of a breach, a comprehensive industry insurance fund would be available, which handles fraud and covers additional events beyond self-insurance.
Individual Prevention Policies
No specific policies for individual prevention have yet been identified in this case.
For the full list of how to protect your funds as an individual, check our Prevention Policies for Individuals guide.
Platform Prevention Policies
Policies for platforms to take to prevent this situation have not yet been selected in this case.
For the full list of how to protect your funds as a financial service, check our Prevention Policies for Platforms guide.
Regulatory Prevention Policies
No specific regulatory policies have yet been identified in this case.
For the full list of regulatory policies that can prevent loss, check our Prevention Policies for Regulators guide.
References
- Ascendex Hacked — Exchange Loses $77 Million in ERC20, BSC, Polygon Tokens – Bitcoin News (Dec 12, 2021)
- AscendEX: Cryptocurrency Trading Platform | Bitcoin & Crypto Exchange (Dec 24, 2021)
- AscendEX will list CryptoArt this afternoon - CoinCu News (Dec 25, 2021)
- Hackers stole a number of tokens from the AscendEX exchange hot wallet, the loss was estimated at $ 77.7 million - CoinCu News (Dec 25, 2021)
- 2021 “Three Years Later… A Celebration of Success and the Best is Yet to Come” A Letter to the AscendEX Global Community | Help Center | AscendEX (Dec 25, 2021)
- AscendEX loses $80M following ERC-20, BSC, Polygon hot wallet compromise (Dec 25, 2021)
- Login • Instagram (Dec 25, 2021)
- @peckshield Twitter (Dec 25, 2021)
- Security Incident Update: Deposits & Withdrawals to Resume within 36-48 hours (est) | Help Center | AscendEX (Dec 25, 2021)
- Important Notice | Help Center | AscendEX (Dec 25, 2021)
- The Deposit and Withdrawal of More Assets Resumed on AscendEX | Help Center | AscendEX (Dec 25, 2021)
- AscendEX Temporary Suspension Deposit & Withdrawal | Help Center | AscendEX (Dec 25, 2021)
- Dec. 11 Security Incident | Help Center | AscendEX (Dec 25, 2021)
- Dec. 11 Security Incident - Follow-Up Announcement | Help Center | AscendEX (Dec 25, 2021)
- Dec. 11 Security Incident - Timing for Resuming Deposit and Withdrawal Services | Help Center | AscendEX (Dec 25, 2021)
- Dec. 11 Security Incident Report | Help Center | AscendEX (Dec 25, 2021)
- @AscendEX_Global Twitter (Dec 25, 2021)
- Weekly Roundup Dec 4 Dec 10 2021 (Dec 25, 2021)
- AscendEX suspends crypto withdrawals as hack wipes out $77.7 million worth of Ethereum, Polygon and other tokens | Business Insider India (Dec 25, 2021)
- https://www.businesswire.com/news/home/20211103006190/en/AscendEX-Announces-a-50mm-Series-B-Raise-Led-by-Polychain-Capital-and-Hack-VC (Dec 25, 2021)
- AscendEx exchange loses $77M in hack, promises full compensation - CoinGeek (Dec 25, 2021)
- Crypto Exchange AscendEX (Formerly Bitmax) Hacked: $80 Million Allegedly Stolen (Dec 25, 2021)
- AscendEX Exchange Loses $77.7M in Latest Crypto Hack - Crypto Briefing (Dec 25, 2021)
- After theft of $77.7 million, victim AscendEX to reimburse customers | ZDNet (Dec 25, 2021)
- @AscendEX_Global Twitter (Dec 25, 2021)
- Crypto exchange AscendEX hacked for $78 million in latest swindle (Dec 25, 2021)
- Crypto Exchange AscendEX Hacked, Losses Estimated at $77M (Dec 25, 2021)
- Santa Hackathon? Visor Finance Marks 7th Hack in December (Dec 1, 2022)
- Hacked AscendEX to Reimburse Users, Says 'Relatively Small Percentage' Impacted (Dec 1, 2022)