Vircurex Exchange Hack: Difference between revisions
(Another 30 minutes complete. About section spread around. Reviewed some sources and added in additional sources. Added a new logo/homepage screenshot.) |
(Another 30 minutes complete. More sources integrated. There appear to be two separate hacks which happened to the Vircurex platform.) |
||
| Line 1: | Line 1: | ||
{{Case Study Under Construction}}{{Unattributed Sources}} | {{Case Study Under Construction}}{{Unattributed Sources}} | ||
[[File:Vircurex.jpg|thumb|Vircurex Homepage/Logo]] | [[File:Vircurex.jpg|thumb|Vircurex Homepage/Logo]]Vircurex was a German exchange which supported trading in bitcoin and various alternative blockchains. With an anonymous exchange operator, once the hacks occurred, neither hack was revealed until far later. The exchange even lied about where they were based in an effort to prevent a lawsuit from occurring. | ||
<ref name="bitcointalklist-87" /><ref name="coindesk-179" /> | |||
== About Vircurex == | == About Vircurex == | ||
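Review bot: The new lead paragraph says "neither hack was revealed until far later", but the timeline rows added in this same revision record a public BitcoinTalk announcement of the wallet compromise on January 11th, 2013. Say which hacks the lead sentence refers to (the revision summary mentions two separate hacks), or qualify the claim so it does not contradict the timeline. The two refs added on the following line would also read better attached to the specific sentences they support.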
| Line 16: | Line 16: | ||
== What Happened == | == What Happened == | ||
The | The Vircurex wallets were breached and funds were stolen. | ||
{| class="wikitable" | {| class="wikitable" | ||
|+Key Event Timeline - Vircurex Exchange Hack | |+Key Event Timeline - Vircurex Exchange Hack | ||
| Line 22: | Line 22: | ||
!Event | !Event | ||
!Description | !Description | ||
|- | |||
|January 11th, 2013 5:19:25 AM MST | |||
|BitcoinTalk Thread Posted | |||
|An initial post is made on the BitcoinTalk forums "to announce that [the Vircurex] wallet has been compromised" and "DO NOT send any further funds to any of the coin wallets"<ref name=":1">[https://bitcointalk.org/index.php?topic=135919.0 VIRCUREX - BitcoinTalk] (Dec 12, 2023)</ref><ref name=":2">[https://web.archive.org/web/20130304224610/https://bitcointalk.org/index.php?topic=135919.0 VIRCUREX !!! IMPORTANT !!! - BitcoinTalk Archive March 4th, 2013 3:46:10 PM MST] (Dec 12, 2023)</ref>. | |||
|- | |||
|January 11th, 2013 6:58:50 AM MST | |||
|Attribution to Ruby on Rails Vulnerability | |||
|In a follow up response, the incident is attributed to a Ruby on Rails vulnerability<ref name=":1" />. TBD expand with more details.<ref name=":3">https://web.archive.org/web/20130304224610/http://www.exploit-db.com/exploits/24019/ (Dec 12, 2023)</ref><ref name=":4">http://www.exploit-db.com/exploits/24019/ (Dec 12, 2023)</ref> | |||
|- | |- | ||
|January 11th, 2013 | |January 11th, 2013 | ||
|Date Of Incident | |Date Of Incident | ||
|The widely referenced date of the incident<ref name="bitcoinexchangeguide-218" />. | |The widely referenced date of the incident<ref name="bitcoinexchangeguide-218" /><ref name="kylegibson-86" />. | ||
|- | |||
|March 16th, 2013 4:11:48 AM MDT | |||
|BitcoinTalk Thread Editted | |||
|The BitcoinTalk thread is edited, however it appears that only the title was modified from "VIRCUREX !!! IMPORTANT !!!" to just "VIRCUREX"<ref name=":1" /><ref name=":2" /> | |||
|- | |- | ||
|March 24th, 2014 | |March 24th, 2014 | ||
|CoinDesk Report | |CoinDesk Report | ||
|CoinDesk reports that the platform has frozen withdrawals<ref name="coindesk-179" />. TBD need to review article and update link. Got internal server error and issues accessing archive on Dec 11, 2023. | |CoinDesk reports that the platform has frozen withdrawals<ref name="coindesk-179" />. TBD need to review article and update link. Got internal server error and issues accessing archive on Dec 11, 2023. | ||
|- | |||
|April 18th, 2014 7:56:22 PM MDT | |||
|Included In BitcoinTalk List | |||
|A subsequent Vircurex exchange hack is featured in the BitcoinTalk "List of Major Bitcoin Heists, Thefts, Hacks, Scams, and Losses" published by user dree12<ref name="bitcointalklist-87" />. | |||
|- | |- | ||
|January 12th, 2018 11:00:48 AM MST | |January 12th, 2018 11:00:48 AM MST | ||
|CoinDesk Report Of Lawsuit | |CoinDesk Report Of Lawsuit | ||
|CoinDesk reports that former customers of the cryptocurrency exchange Vircurex are suing the platform four years after it froze their funds and allegedly failed to repay them. Filed in the U.S. District Court in Colorado, the lawsuit accuses Vircurex of breach of contract, conversion of funds, fraud, and unjust enrichment. The complaint details how only a few account holders received their funds after the exchange froze withdrawals due to claimed insufficient reserves, with approximately $50 million collectively frozen in accounts. Despite the loss, Vircurex has allowed customers to deposit funds over the past four years and continues to operate. The lawsuit alleges deceptive statements and false promises by Vircurex, accusing the exchange of attempting to evade accountability<ref name="coindesk-178" />. | |CoinDesk reports that former customers of the cryptocurrency exchange Vircurex are suing the platform four years after it froze their funds and allegedly failed to repay them. Filed in the U.S. District Court in Colorado, the lawsuit accuses Vircurex of breach of contract, conversion of funds, fraud, and unjust enrichment. The complaint details how only a few account holders received their funds after the exchange froze withdrawals due to claimed insufficient reserves, with approximately $50 million collectively frozen in accounts. Despite the loss, Vircurex has allowed customers to deposit funds over the past four years and continues to operate. The lawsuit alleges deceptive statements and false promises by Vircurex, accusing the exchange of attempting to evade accountability<ref name="coindesk-178" />. | ||
|- | |||
|February 27th, 2019 11:31:32 AM MST | |||
|Inclusion In Kyle Gibson Timeline | |||
|Kyle Gibson includes the incident in his "100 Crypto Thefts: A Timeline of Hacks, Glitches, Exit Scams, and other Lost Cryptocurrency Incidents"<ref name="kylegibson-86" />. The incident is listed as a "Hack - Theft". References are provided to BitcoinTalk and CoinDesk. | |||
|- | |- | ||
|May 7th, 2019 7:49:57 PM MDT | |May 7th, 2019 7:49:57 PM MDT | ||
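Review bot: The added row heading "BitcoinTalk Thread Editted" misspells "Edited", and the 6:58:50 AM row leaves "TBD expand with more details." in reader-facing text, with refs :3 and :4 attached to that placeholder rather than to the attribution sentence. Suggest fixing the spelling, moving the TBD to the talk page or an HTML comment, and placing the exploit-db refs on the sentence they support. The April 18th, 2014 row refers to "a subsequent Vircurex exchange hack" without saying which incident the list entry covers.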
| Line 41: | Line 61: | ||
== Technical Details == | == Technical Details == | ||
<ref name=":3" /><ref name=":4" /><blockquote>Further update: The system was not breached, no passwords were compromised (they are salted and multiple times hashed anyways). The attacker used a RubyOnRails vulnerability that was released yesterday (<nowiki>http://www.exploit-db.com/exploits/24019/</nowiki>) to withdraw the funds therefore.</blockquote> | |||
Yet more of its reserve funds were depleted by large withdrawals by some of its customers." | Yet more of its reserve funds were depleted by large withdrawals by some of its customers." | ||
TBD - review more of the BitcoinTalk thread<ref name=":1" />. | |||
== Total Amount Lost == | == Total Amount Lost == | ||
BitcoinExchangeGuide reports the loss as "1.666 Bitcoin" or "$50.000k" USD<ref name="bitcoinexchangeguide-218" />. | BitcoinExchangeGuide reports the loss as "1.666 Bitcoin" or "$50.000k" USD<ref name="bitcoinexchangeguide-218" />. | ||
Kyle Gibson reports the loss as "1666" and "50,000,000.00"<ref name="kylegibson-86" />'''.''' | |||
The total amount lost has been estimated at $50,000,000 USD. | The total amount lost has been estimated at $50,000,000 USD. | ||
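Review bot: In Technical Details the added blockquote has no introducing sentence, so the reader cannot tell who wrote "Further update: The system was not breached..." or when; the refs placed in front of it point at exploit-db rather than at the BitcoinTalk post being quoted. Add an attribution line with ref :1 before the blockquote. The unchanged line that follows it ("Yet more of its reserve funds were depleted...") ends with a closing quotation mark that has no opening one and now reads as a continuation of the new quote, so it needs its own source and quotation marks. The added Kyle Gibson figures "1666" and "50,000,000.00" are given without units.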
| Line 54: | Line 78: | ||
== Immediate Reactions == | == Immediate Reactions == | ||
Vircurex representatives announced the breach on the BitcoinTalk forums<ref name=":1" />. | |||
=== BitcoinTalk Thread Posted === | |||
BitcoinTalk user Kumala posted a notice to the BitcoinTalk forums about a wallet compromise<ref name=":1" />.<blockquote>We sadly need to announce that our wallet has been compromised thus DO NOT send any further funds to any of the coin wallets, BTC, DVC, LTC, etc. We will setup a new wallet and reset all the addresses. This will most likely take the whole weekend.</blockquote>TBD - review more of the BitcoinTalk thread<ref name=":1" />. | |||
== Ultimate Outcome == | == Ultimate Outcome == | ||
TBD - Review more of the BitcoinTalk thread<ref name=":1" />. | |||
| Line 68: | Line 96: | ||
“In a lawsuit filed in the U.S. District Court in Colorado, a former Vircurex customer accuses the exchange of breach of contract, conversion of funds, fraud and unjust enrichment. The suit explained how only a few of the account holders had received their funds after the exchange froze all withdrawals due to a claimed lack of reserves. At present, the frozen accounts contain a combined $50 million.” “Vircurex’s steps to prevent its customers from suing included stating it was incorporated in Belize, which it is not, as well as indicating it might be based in Beijing. The lawsuit states the exchange is actually based out of Germany, but has never been legally incorporated in any jurisdiction, meaning it is not recognized as a formal business by any government.” | “In a lawsuit filed in the U.S. District Court in Colorado, a former Vircurex customer accuses the exchange of breach of contract, conversion of funds, fraud and unjust enrichment. The suit explained how only a few of the account holders had received their funds after the exchange froze all withdrawals due to a claimed lack of reserves. At present, the frozen accounts contain a combined $50 million.” “Vircurex’s steps to prevent its customers from suing included stating it was incorporated in Belize, which it is not, as well as indicating it might be based in Beijing. The lawsuit states the exchange is actually based out of Germany, but has never been legally incorporated in any jurisdiction, meaning it is not recognized as a formal business by any government.” | ||
=== Hack Again Later In 2013 === | |||
<ref>https://web.archive.org/web/20140323195552/https://vircurex.com/welcome/ann_reserved.html</ref> | |||
== Total Amount Recovered == | == Total Amount Recovered == | ||
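Review bot: The new subsection "Hack Again Later In 2013" contains only an unnamed ref with a bare archive URL and no text, so the rendered section is empty and the reference is attached to nothing. Add at least one sentence summarising what the archived announcement states, and give the ref a name and title in the same style as the entries in the References block.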
| Line 95: | Line 126: | ||
== References == | == References == | ||
<references> | <references> | ||
<ref name="kylegibson-86">[https://medium.com/@kylegibson/100-crypto-thefts-a-timeline-of-hacks-glitches-exit-scams-and-other-lost-cryptocurrency-873c87fd5522 100 Crypto Thefts: A Timeline of Hacks, Glitches, Exit Scams, and other Lost Cryptocurrency Incidents] (Jan 25, 2020)</ref> | <ref name="kylegibson-86">[https://medium.com/@kylegibson/100-crypto-thefts-a-timeline-of-hacks-glitches-exit-scams-and-other-lost-cryptocurrency-873c87fd5522 100 Crypto Thefts: A Timeline of Hacks, Glitches, Exit Scams, and other Lost Cryptocurrency Incidents - Kyle Gibson] (Jan 25, 2020)</ref> | ||
<ref name="bitcointalklist-87">[https://bitcointalk.org/index.php?topic=576337 List of Major Bitcoin Heists, Thefts, Hacks, Scams, and Losses] (Feb 15, 2020)</ref> | <ref name="bitcointalklist-87">[https://bitcointalk.org/index.php?topic=576337 dree12 - List of Major Bitcoin Heists, Thefts, Hacks, Scams, and Losses - BitcoinTalk] (Feb 15, 2020)</ref> | ||
<ref name="coindesk-178">[https://www.coindesk.com/former-customers-sue-vircurex-exchange-over-frozen-crypto-funds Former Customers Sue Crypto Exchange Vircurex Over Frozen Funds - CoinDesk] (Feb 29, 2020)</ref> | <ref name="coindesk-178">[https://www.coindesk.com/former-customers-sue-vircurex-exchange-over-frozen-crypto-funds Former Customers Sue Crypto Exchange Vircurex Over Frozen Funds - CoinDesk] (Feb 29, 2020)</ref> | ||
<ref name="coindesk-179">[https://www.coindesk.com/exchange-vircurex-freezes-withdrawals-claims-lack-reserves Exchange Vircurex Freezes Withdrawals, Claims Lack of Reserves - CoinDesk] (Feb 29, 2020)</ref> | <ref name="coindesk-179">[https://www.coindesk.com/exchange-vircurex-freezes-withdrawals-claims-lack-reserves Exchange Vircurex Freezes Withdrawals, Claims Lack of Reserves - CoinDesk] (Feb 29, 2020)</ref> | ||
<ref name="bitcoinexchangeguide-218">[https://web.archive.org/web/20200413134528/https://bitcoinexchangeguide.com/bitcoin/scams-hacks/ Bitcoin Scams and Cryptocurrency Hacks List - BitcoinExchangeGuide.com Archive April 13th, 2020 7:45:28 AM MDT] (Mar 5, 2020)</ref> | <ref name="bitcoinexchangeguide-218">[https://web.archive.org/web/20200413134528/https://bitcoinexchangeguide.com/bitcoin/scams-hacks/ Bitcoin Scams and Cryptocurrency Hacks List - BitcoinExchangeGuide.com Archive April 13th, 2020 7:45:28 AM MDT] (Mar 5, 2020)</ref> | ||
</references> | </references> | ||
Revision as of 13:13, 12 December 2023
Notice: This page is a new case study and some aspects have not been fully researched. Some sections may be incomplete or reflect inaccuracies present in initial sources. Please check the References at the bottom for further information and perform your own additional assessment. Please feel free to contribute by adding any missing information or sources you come across. If you are new here, please read General Tutorial on Wikis or Anatomy of a Case Study for help getting started.
Notice: This page contains sources which are not attributed to any text. The unattributed sources follow the initial description. Please assist by visiting each source, reviewing the content, and placing that reference next to any text it can be used to support. Feel free to add any information that you come across which isn't present already. Sources which don't contain any relevant information can be removed. Broken links can be replaced with versions from the Internet Archive. See General Tutorial on Wikis, Anatomy of a Case Study, and/or Citing Your Sources Guide for additional information. Thanks for your help!
Vircurex was a German exchange which supported trading in bitcoin and various alternative blockchains. The exchange operator was anonymous, and neither hack was revealed until far later than it occurred. The exchange even lied about where it was based in an effort to prevent a lawsuit.
About Vircurex
Vircurex was based in Germany. The exchange supported trading in different cryptocurrencies including bitcoin, namecoin, devcoin, litecoin, ixcoin, ppcoin, and terracoin[3].
The exchange offered deposits and withdrawals in both USD and EUR[3]. The homepage of the website featured pricing tables for all supported coins[3].
Vircurex, the exchange platform for buying, selling and trading your Bitcoins and its various alt-chains. We currently support Bitcoin, Namecoin, Devcoin, Litecoin, Ixcoin, PPCoin, Terracoin
Homepage: vircurex.com[3]
The Reality
The Vircurex platform had already suffered 2 significant hacks in 2013.
What Happened
The Vircurex wallets were breached and funds were stolen.
| Date | Event | Description |
|---|---|---|
| January 11th, 2013 5:19:25 AM MST | BitcoinTalk Thread Posted | An initial post is made on the BitcoinTalk forums "to announce that [the Vircurex] wallet has been compromised" and "DO NOT send any further funds to any of the coin wallets"[4][5]. |
| January 11th, 2013 6:58:50 AM MST | Attribution to Ruby on Rails Vulnerability | In a follow-up response, the incident is attributed to a Ruby on Rails vulnerability[4]. TBD expand with more details.[6][7] |
| January 11th, 2013 | Date Of Incident | The widely referenced date of the incident[8][9]. |
| March 16th, 2013 4:11:48 AM MDT | BitcoinTalk Thread Edited | The BitcoinTalk thread is edited; however, it appears that only the title was modified from "VIRCUREX !!! IMPORTANT !!!" to just "VIRCUREX"[4][5]. |
| March 24th, 2014 | CoinDesk Report | CoinDesk reports that the platform has frozen withdrawals[2]. TBD need to review article and update link. Got internal server error and issues accessing archive on Dec 11, 2023. |
| April 18th, 2014 7:56:22 PM MDT | Included In BitcoinTalk List | A subsequent Vircurex exchange hack is featured in the BitcoinTalk "List of Major Bitcoin Heists, Thefts, Hacks, Scams, and Losses" published by user dree12[1]. |
| January 12th, 2018 11:00:48 AM MST | CoinDesk Report Of Lawsuit | CoinDesk reports that former customers of the cryptocurrency exchange Vircurex are suing the platform four years after it froze their funds and allegedly failed to repay them. Filed in the U.S. District Court in Colorado, the lawsuit accuses Vircurex of breach of contract, conversion of funds, fraud, and unjust enrichment. The complaint details how only a few account holders received their funds after the exchange froze withdrawals due to claimed insufficient reserves, with approximately $50 million collectively frozen in accounts. Despite the loss, Vircurex has allowed customers to deposit funds over the past four years and continues to operate. The lawsuit alleges deceptive statements and false promises by Vircurex, accusing the exchange of attempting to evade accountability[10]. |
| February 27th, 2019 11:31:32 AM MST | Inclusion In Kyle Gibson Timeline | Kyle Gibson includes the incident in his "100 Crypto Thefts: A Timeline of Hacks, Glitches, Exit Scams, and other Lost Cryptocurrency Incidents"[9]. The incident is listed as a "Hack - Theft". References are provided to BitcoinTalk and CoinDesk. |
| May 7th, 2019 7:49:57 PM MDT | Inclusion In BitcoinExchangeGuide | The incident is included as a "Hack / Theft" in a published list by BitcoinExchangeGuide.com[8]. |
Technical Details
Further update: The system was not breached, no passwords were compromised (they are salted and multiple times hashed anyways). The attacker used a RubyOnRails vulnerability that was released yesterday (http://www.exploit-db.com/exploits/24019/) to withdraw the funds therefore.
Yet more of its reserve funds were depleted by large withdrawals by some of its customers."
TBD - review more of the BitcoinTalk thread[4].
Total Amount Lost
BitcoinExchangeGuide reports the loss as "1.666 Bitcoin" or "$50.000k" USD[8].
Kyle Gibson reports the loss as "1666" and "50,000,000.00"[9].
The total amount lost has been estimated at $50,000,000 USD.
How much was lost and how was it calculated? If there are conflicting reports, which are accurate and where does the discrepancy lie?
Immediate Reactions
Vircurex representatives announced the breach on the BitcoinTalk forums[4].
BitcoinTalk Thread Posted
BitcoinTalk user Kumala posted a notice to the BitcoinTalk forums about a wallet compromise[4].
We sadly need to announce that our wallet has been compromised thus DO NOT send any further funds to any of the coin wallets, BTC, DVC, LTC, etc. We will setup a new wallet and reset all the addresses. This will most likely take the whole weekend.
TBD - review more of the BitcoinTalk thread[4].
Ultimate Outcome
TBD - Review more of the BitcoinTalk thread[4].
“In 2014, the exchange reported it was near insolvency after losing large amounts of its reserve funds. According to the lawsuit, part of this loss came from “two purported hacks the exchange experienced in mid-2013.””
“The freeze will affect all bitcoin, litecoin, feathercoin and terracoin withdrawals. A message on Vircurex’s site says it will create a new balance type called ‘Frozen Funds’ covering all balances in the aforementioned currencies. The company maintains it won’t be shutting down, saying it intends to “gradually pay back the losses”.”
“That Vircurex had a reserve shortfall had been known for some time, though not the exact amount. It froze BTC/LTC withdrawals in January 2013 after reporting that wallets had been compromised, but still allowed deposits in those currencies to continue.”
“In a lawsuit filed in the U.S. District Court in Colorado, a former Vircurex customer accuses the exchange of breach of contract, conversion of funds, fraud and unjust enrichment. The suit explained how only a few of the account holders had received their funds after the exchange froze all withdrawals due to a claimed lack of reserves. At present, the frozen accounts contain a combined $50 million.” “Vircurex’s steps to prevent its customers from suing included stating it was incorporated in Belize, which it is not, as well as indicating it might be based in Beijing. The lawsuit states the exchange is actually based out of Germany, but has never been legally incorporated in any jurisdiction, meaning it is not recognized as a formal business by any government.”
Hack Again Later In 2013
Total Amount Recovered
There do not appear to have been any funds recovered in this case.
What funds were recovered? What funds were reimbursed for those affected users?
Ongoing Developments
What parts of this case are still remaining to be concluded?
General Prevention Policies
Coming soon.
Individual Prevention Policies
No specific policies for individual prevention have yet been identified in this case.
For the full list of how to protect your funds as an individual, check our Prevention Policies for Individuals guide.
Platform Prevention Policies
Policies for platforms to take to prevent this situation have not yet been selected in this case.
For the full list of how to protect your funds as a financial service, check our Prevention Policies for Platforms guide.
Regulatory Prevention Policies
No specific regulatory policies have yet been identified in this case.
For the full list of regulatory policies that can prevent loss, check our Prevention Policies for Regulators guide.
References
1. dree12 - List of Major Bitcoin Heists, Thefts, Hacks, Scams, and Losses - BitcoinTalk (Feb 15, 2020)
2. Exchange Vircurex Freezes Withdrawals, Claims Lack of Reserves - CoinDesk (Feb 29, 2020)
3. Vircurex Exchange Homepage Archive April 24th, 2013 1:13:56 AM MDT (Dec 11, 2023)
4. VIRCUREX - BitcoinTalk (Dec 12, 2023)
5. VIRCUREX !!! IMPORTANT !!! - BitcoinTalk Archive March 4th, 2013 3:46:10 PM MST (Dec 12, 2023)
6. https://web.archive.org/web/20130304224610/http://www.exploit-db.com/exploits/24019/ (Dec 12, 2023)
7. http://www.exploit-db.com/exploits/24019/ (Dec 12, 2023)
8. Bitcoin Scams and Cryptocurrency Hacks List - BitcoinExchangeGuide.com Archive April 13th, 2020 7:45:28 AM MDT (Mar 5, 2020)
9. 100 Crypto Thefts: A Timeline of Hacks, Glitches, Exit Scams, and other Lost Cryptocurrency Incidents - Kyle Gibson (Jan 25, 2020)
10. Former Customers Sue Crypto Exchange Vircurex Over Frozen Funds - CoinDesk (Feb 29, 2020)
11. https://web.archive.org/web/20140323195552/https://vircurex.com/welcome/ann_reserved.html