Kipcoin Exchange Hack: Difference between revisions

From Quadriga Initiative Cryptocurrency Hacks, Scams, and Frauds Repository
No edit summary
(30 minutes. All sources integrated. Started up timeline. Started to review blockchain addresses for available transactions and filled in the timeline with the transactions we found. These are very different than the actual data in the report.)
 
Line 1: Line 1:
{{Imported Case Study 2|source=https://www.quadrigainitiative.com/casestudy/kipcoinexchangehack.php}}
{{Case Study Under Construction}}
{{Unattributed Sources}}


It appears obvious that this issue occurred due to the improper storage of funds. The operation also highly lacked transparency, promised a high rate of return, and it is unclear whether funds were ever backed to begin with.
KipCoin was a Chinese cryptocurrency exchange. In May 2014, a hacker managed to access the exchange's wallet.dat file, and in December 2014 they started withdrawing funds. The incident was finally widely reported in February 2015.
 
This exchange or platform is based in China, or the incident targeted people primarily in China.<ref name="kylegibson-86" /><ref name="bitcoinexchangeguide-218" /><ref name="coinjournal-255" /><ref name="slowmisthacked-1160" />


== About KipCoin ==
== About KipCoin ==
“Another Chinese based exchange has apparently lost its user’s funds. The Chinese Bitcoin exchange Kipcoin is not as well known as Huobi and OKcoin, but it apparently had a lot of bitcoins to lose. The Chinese exchange announced that it lost some or all of its user’s bitcoins and will temporarily be shutting down.” "In a statement the company released through the Chinese social media website Weibo, they mentioned that they will put all their services on hold temporarily. In this post, it was also mentioned that no Chinese Yuan were stolen from the accounts." “The hacker apparently gained access to Kipcoin’s server back in May and downloaded the wallet.dat file at that time. For months, according to Kipcoin, the hacker did nothing with the funds before beginning to move them in December 2014. It is not clear why the site didn’t secure its funds at that time.” “The site says it will come back online and will then allow withdrawals of the other digital currencies it held: Litecoin and Dogecoin. Its holdings in Yuan are safe and will presumably be used to pay back users in Bitcoin eventually. Before that can be done however, the exchange says it needs to collaborate with law enforcement in finding the hacker.”
The Chinese Bitcoin exchange Kipcoin is not as well known as Huobi and OKcoin, but it apparently had a lot of bitcoins to lose.
 
This exchange or platform is based in China, or the incident targeted people primarily in China.
 
The background of the exchange platform, service, or individuals involved, as it would have been seen or understood at the time of the events.
 
Include:


* Known history of when and how the service was started.
Website: kipcoin.com
* What problems does the company or service claim to solve?
* What marketing materials were used by the firm or business?
* Audits performed, and excerpts that may have been included.
* Business registration documents shown (fake or legitimate).
* How were people recruited to participate?
* Public warnings and announcements prior to the event.
 
Don't Include:
* Any wording which directly states or implies that the business is/was illegitimate, or that a vulnerability existed.
* Anything that wasn't reasonably knowable at the time of the event.
There could be more than one section here. If the same platform is involved with multiple incidents, then it can be linked to a main article page.


== The Reality ==
== The Reality ==
This sections is included if a case involved deception or information that was unknown at the time. Examples include:
There is limited evidence that KipCoin had knowledge and ability for proper storage of funds. The operation lacked transparency, promised a high rate of return, and it is unclear whether funds were ever backed to begin with.
 
* When the service was actually started (if different than the "official story").
* Who actually ran a service and their own personal history.
* How the service was structured behind the scenes. (For example, there was no "trading bot".)
* Details of what audits reported and how vulnerabilities were missed during auditing.


== What Happened ==
== What Happened ==
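Review bot: the "The Reality" paragraph states that the operation "promised a high rate of return" and that it is unclear whether funds were ever backed, but the line carries no <ref>, and none of the quoted CoinJournal text in this hunk mentions returns or backing. Either attach the source that supports the claim or drop it, since the rest of the section only cites the wallet.dat theft. The same sentence also appears in the lead paragraph of this hunk in a stronger form ("It appears obvious that this issue occurred due to the improper storage of funds"), so only one version should survive.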
Line 44: Line 19:
!Description
!Description
|-
|-
|February 1st, 2015 12:00:40 AM MST
|May 2014
|Main Event
|Hacker Had Server Access
|Expand this into a brief description of what happened and the impact. If multiple lines are necessary, add them here.
|“The hacker apparently gained access to Kipcoin’s server back in May and downloaded the wallet.dat file at that time. For months, according to Kipcoin, the hacker did nothing with the funds before beginning to move them in December 2014. It is not clear why the site didn’t secure its funds at that time.”
|-
|October 9th, 2014 8:56:21 AM MDT
|Blockchain Theft Transaction
|A blockchain transaction sends 188.09192282 BTC from the KipCoin exchange to one of the reported attacker wallets<ref>[https://www.blockchain.com/explorer/transactions/btc/807181a571e3e20e01600a483a5d25572f52c6f8f229d9296cb76fe991e63859 Transfer Of 188.09192282 BTC To Attacker - Blockchain.com] (Jan 25, 2024)</ref>.
|-
|October 20th, 2014 1:39:39 AM MDT
|Blockchain Theft Transaction
|A blockchain transaction sends 141.40022366 BTC from the KipCoin exchange to one of the reported attacker wallets<ref>[https://www.blockchain.com/explorer/transactions/btc/ffb14182a64c4eacdc6306573722da99cfbad20bed6b50d485116f913b8441bc Transfer of 141.40022366 BTC to Attacker Wallet - Blockchain.com] (Jan 25, 2024)</ref>.
|-
|October 28th, 2014 6:55:42 AM MDT
|Blockchain Transfer Transaction
|A blockchain transaction sends 326.27886977 BTC, including 141.39396724 BTC from one of the reported attacker wallets to another wallet<ref>[https://www.blockchain.com/explorer/transactions/btc/f342d5612ec5d61d8a0a397876949471179652bea7fae5bd66e555045a0abc71 Transfer of 326.27886977 BTC from Attacker's Wallets - Blockchain.com] (Jan 25, 2024)</ref>.
|-
|November 12th, 2014 2:38:15 AM MST
|Blockchain Transfer Transaction
|A blockchain transaction sends 188.09119789 BTC from one of the reported attacker wallets to another wallet<ref>[https://www.blockchain.com/explorer/transactions/btc/eef02e34aa2cb1be4a24e34f2ec929b60851c2ba4c8b20faebee5e96e310758f Transfer Of 188.09119789 BTC From Attacker - Blockchain.com] (Jan 25, 2024)</ref>.
|-
|November 12th, 2014 10:18:42 AM MST
|Blockchain Theft Transaction
|A blockchain transaction sends 20.02443561 BTC from the KipCoin exchange to one of the reported attacker wallets<ref>[https://www.blockchain.com/explorer/transactions/btc/12b7910e48117c68fb2dd85637f4976b6578078493271e43123530fc11d4748e Transfer of 20.02443561 BTC From KipCoin to the Attacker's Wallet - Blockchain.com] (Jan 25, 2024)</ref>.
|-
|December 29th, 2014 4:11:59 AM MST
|Blockchain Transfer Transaction
|A blockchain transaction sends 20.02430419 BTC from one of the reported attacker wallets to another wallet<ref>[https://www.blockchain.com/explorer/transactions/btc/869a7b17d95dddebeca9233c596bcd6dda02387874d538b48addd2f890049ef2 Transfer of 20.02430419 BTC From Attacker's Wallet - Blockchain.com] (Jan 25, 2024)</ref>.
|-
|December 2014
|Funds Begin Moving
|“For months, according to Kipcoin, the hacker did nothing with the funds before beginning to move them in December 2014. It is not clear why the site didn’t secure its funds at that time.
|-
|-
|
|February 17th, 2015 1:51:39 PM MST
|
|CoinJournal Article Published
|
|CoinJournal reports that the Chinese Bitcoin exchange Kipcoin has suffered a hack, losing some or all of its users' bitcoins, totaling over 3,000 bitcoins, according to the translated announcement on its Weibo page<ref name="coinjournal-255" /><ref>[https://web.archive.org/web/20200720204913/https://coinjournal.net/news/chinese-exchange-kipcoin-hacked/ Chinese Exchange KipCoin Has Been Hacked - CoinJournal Archive July 20th, 2020 2:49:13 PM MDT] (Jan 25, 2024)</ref>. The hack reportedly occurred in May when the attacker gained access to Kipcoin's server and downloaded the wallet.dat file. Although the hacker remained inactive until December 2014, it's unclear why the exchange did not secure its funds during this period. Kipcoin plans to come back online and allow withdrawals of other digital currencies it held, such as Litecoin and Dogecoin, with holdings in Yuan being safe. The exchange will collaborate with law enforcement to identify the hacker, but the process may be delayed due to the Chinese Spring Festival. Kipcoin indicated that the attackers left clues about their identities, and if the bitcoins are returned, they may consider lifting the complaint<ref name="coinjournal-255" />.
|}
|}
== Technical Details ==
“The hacker apparently gained access to Kipcoin’s server back in May and downloaded the wallet.dat file at that time. For months, according to Kipcoin, the hacker did nothing with the funds before beginning to move them in December 2014. It is not clear why the site didn’t secure its funds at that time.”
Blockchain addresses belonging to the hacker<ref name="coinjournal-255" />:
1Chg6NxMeTcZ3DQvYA9gocjU4RQwH1LtKD
18zf9CWe4uBy8BesHU3BWqjpibDRRBoPLD
1MYkHXvnWuZ5FaMJkNv4uCLoVC2Ztp2DXK
152BSsbpcGMdj9WBGHq3wXHgJVuqQCs4aJ
16j131w3cvkdAc13sg5nREMiiJj3zoRw5n
16qHXy4RDeek56mNDN84d2F6niE96taQso
175L5Sx81dZZBureP8RtLUyUXoruVdAj1E
17ZJ1sqDRxq7oRVrnNLxoyrvHrtrjtPRfp
17amdMD8JJPcipWqUEwzEtsAuYu1FzkVtg
181qVdiaCcJmzGJV9PEobeYYnkC25PyJdT
18ncsALSWGWRG3JK6yio4PXoiWBbvxAxng
1XgAzaQEe9iDEohWCmdNXSH8XZ74uLBnd
TBD - process from fourth address onward above.


== Total Amount Lost ==
== Total Amount Lost ==
The total amount lost has been estimated at $690,000 USD.
The total amount lost has been estimated at $690,000 USD.


How much was lost and how was it calculated? If there are conflicting reports, which are accurate and where does the discrepancy lie?
== Immediate Reactions ==
“Another Chinese based exchange has apparently lost its user’s funds. The Chinese exchange announced that it lost some or all of its user’s bitcoins and will temporarily be shutting down.”
 
 
"In a statement the company released through the Chinese social media website Weibo, they mentioned that they will put all their services on hold temporarily. In this post, it was also mentioned that no Chinese Yuan were stolen from the accounts."


== Immediate Reactions ==
How did the various parties involved (firm, platform, management, and/or affected individual(s)) deal with the events? Were services shut down? Were announcements made? Were groups formed?
How did the various parties involved (firm, platform, management, and/or affected individual(s)) deal with the events? Were services shut down? Were announcements made? Were groups formed?


== Ultimate Outcome ==
== Ultimate Outcome ==
“The site says it will come back online and will then allow withdrawals of the other digital currencies it held: Litecoin and Dogecoin. Its holdings in Yuan are safe and will presumably be used to pay back users in Bitcoin eventually. Before that can be done however, the exchange says it needs to collaborate with law enforcement in finding the hacker.”
What was the end result? Was any investigation done? Were any individuals prosecuted? Was there a lawsuit? Was any tracing done?
What was the end result? Was any investigation done? Were any individuals prosecuted? Was there a lawsuit? Was any tracing done?
The hack was included in various lists including the SlowMist Zone<ref name="slowmisthacked-1160" />, Kyle Gibson<ref name="kylegibson-86" />, and the BitcoinExchangeGuide<ref name="bitcoinexchangeguide-218" /> (TBD - fix source).


== Total Amount Recovered ==
== Total Amount Recovered ==
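Review bot: the timeline rows dated October 9, October 20 and November 12, 2014 are labelled "Blockchain Theft Transaction", yet the "Funds Begin Moving" row and the quoted report both say the hacker did nothing until December 2014, and the table gives no explanation for the gap. The edit summary already admits the on-chain data differs from the report, so add a sentence in Technical Details saying so and naming which of the listed addresses each transaction involves. The three theft rows add up to roughly 349.5 BTC, while the CoinJournal row says "over 3,000 bitcoins" and Total Amount Lost gives $690,000 USD with no calculation shown; state which figure the estimate is based on.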
Line 89: Line 117:


== References ==
== References ==
<references><ref name="kylegibson-86">[https://medium.com/@kylegibson/100-crypto-thefts-a-timeline-of-hacks-glitches-exit-scams-and-other-lost-cryptocurrency-873c87fd5522 100 Crypto Thefts: A Timeline of Hacks, Glitches, Exit Scams, and other Lost Cryptocurrency Incidents] (Jan 25, 2020)</ref>
<references>
 
<ref name="kylegibson-86">[https://medium.com/@kylegibson/100-crypto-thefts-a-timeline-of-hacks-glitches-exit-scams-and-other-lost-cryptocurrency-873c87fd5522 100 Crypto Thefts: A Timeline of Hacks, Glitches, Exit Scams, and other Lost Cryptocurrency Incidents - Kyle Gibson Medium] (Jan 25, 2020)</ref>
<ref name="bitcoinexchangeguide-218">[https://bitcoinexchangeguide.com/bitcoin/scams-hacks/ Bitcoin Scams and Cryptocurrency Hacks List - BitcoinExchangeGuide.com] (Mar 5, 2020)</ref>
<ref name="bitcoinexchangeguide-218">[https://bitcoinexchangeguide.com/bitcoin/scams-hacks/ Bitcoin Scams and Cryptocurrency Hacks List - BitcoinExchangeGuide.com] (Mar 5, 2020)</ref>
 
<ref name="coinjournal-255">[https://coinjournal.net/chinese-exchange-kipcoin-hacked/ Chinese Exchange KipCoin Has Been Hacked - CoinJournal] (Mar 14, 2020)</ref>
<ref name="coinjournal-255">[https://coinjournal.net/chinese-exchange-kipcoin-hacked/ Chinese Exchange KipCoin Has Been Hacked - Coinjournal] (Mar 14, 2020)</ref>
<ref name="slowmisthacked-1160">[https://hacked.slowmist.io/en/?c=Exchange SlowMist Hacked - SlowMist Zone] (Jun 26, 2021)</ref>
 
</references>
<ref name="slowmisthacked-1160">[https://hacked.slowmist.io/en/?c=Exchange SlowMist Hacked - SlowMist Zone] (Jun 26, 2021)</ref></references>
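Review bot: the bitcoinexchangeguide-218 reference is carried over with the same generic list URL even though the Ultimate Outcome sentence flags it as "(TBD - fix source)", so the open item is not addressed by this revision. Either replace the URL with one that actually mentions Kipcoin or drop the citation. The coinjournal-255 title also appears as both "CoinJournal" and "Coinjournal" in this hunk; keep the "CoinJournal" spelling used in the timeline row, and consider folding the archive.org link from that row into the named ref so the article is cited once.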

Latest revision as of 17:47, 25 January 2024

Notice: This page is a new case study and some aspects have not been fully researched. Some sections may be incomplete or reflect inaccuracies present in initial sources. Please check the References at the bottom for further information and perform your own additional assessment. Please feel free to contribute by adding any missing information or sources you come across. If you are new here, please read General Tutorial on Wikis or Anatomy of a Case Study for help getting started.

KipCoin was a Chinese cryptocurrency exchange. In May 2014, a hacker managed to access the exchange's wallet.dat file, and in December 2014 they started withdrawing funds. The incident was finally widely reported in February 2015.

About KipCoin

The Chinese Bitcoin exchange Kipcoin is not as well known as Huobi and OKcoin, but it apparently had a lot of bitcoins to lose.

Website: kipcoin.com

The Reality

There is limited evidence that KipCoin had the knowledge and ability to store funds properly. The operation lacked transparency, promised a high rate of return, and it is unclear whether funds were ever backed to begin with.

What Happened

The specific events of the loss and how it came about. What actually happened to cause the loss and some of the events leading up to it.

{|
|+ Key Event Timeline - Kipcoin Exchange Hack
!Date
!Event
!Description
|-
|May 2014
|Hacker Had Server Access
|“The hacker apparently gained access to Kipcoin’s server back in May and downloaded the wallet.dat file at that time. For months, according to Kipcoin, the hacker did nothing with the funds before beginning to move them in December 2014. It is not clear why the site didn’t secure its funds at that time.”
|-
|October 9th, 2014 8:56:21 AM MDT
|Blockchain Theft Transaction
|A blockchain transaction sends 188.09192282 BTC from the KipCoin exchange to one of the reported attacker wallets[1].
|-
|October 20th, 2014 1:39:39 AM MDT
|Blockchain Theft Transaction
|A blockchain transaction sends 141.40022366 BTC from the KipCoin exchange to one of the reported attacker wallets[2].
|-
|October 28th, 2014 6:55:42 AM MDT
|Blockchain Transfer Transaction
|A blockchain transaction sends 326.27886977 BTC, including 141.39396724 BTC from one of the reported attacker wallets to another wallet[3].
|-
|November 12th, 2014 2:38:15 AM MST
|Blockchain Transfer Transaction
|A blockchain transaction sends 188.09119789 BTC from one of the reported attacker wallets to another wallet[4].
|-
|November 12th, 2014 10:18:42 AM MST
|Blockchain Theft Transaction
|A blockchain transaction sends 20.02443561 BTC from the KipCoin exchange to one of the reported attacker wallets[5].
|-
|December 29th, 2014 4:11:59 AM MST
|Blockchain Transfer Transaction
|A blockchain transaction sends 20.02430419 BTC from one of the reported attacker wallets to another wallet[6].
|-
|December 2014
|Funds Begin Moving
|“For months, according to Kipcoin, the hacker did nothing with the funds before beginning to move them in December 2014. It is not clear why the site didn’t secure its funds at that time.”
|-
|February 17th, 2015 1:51:39 PM MST
|CoinJournal Article Published
|CoinJournal reports that the Chinese Bitcoin exchange Kipcoin has suffered a hack, losing some or all of its users' bitcoins, totaling over 3,000 bitcoins, according to the translated announcement on its Weibo page[7][8]. The hack reportedly occurred in May when the attacker gained access to Kipcoin's server and downloaded the wallet.dat file. Although the hacker remained inactive until December 2014, it's unclear why the exchange did not secure its funds during this period. Kipcoin plans to come back online and allow withdrawals of other digital currencies it held, such as Litecoin and Dogecoin, with holdings in Yuan being safe. The exchange will collaborate with law enforcement to identify the hacker, but the process may be delayed due to the Chinese Spring Festival. Kipcoin indicated that the attackers left clues about their identities, and if the bitcoins are returned, they may consider lifting the complaint[7].
|}

Technical Details

“The hacker apparently gained access to Kipcoin’s server back in May and downloaded the wallet.dat file at that time. For months, according to Kipcoin, the hacker did nothing with the funds before beginning to move them in December 2014. It is not clear why the site didn’t secure its funds at that time.”

Blockchain addresses belonging to the hacker[7]:


TBD - process from fourth address onward above.

Total Amount Lost

The total amount lost has been estimated at $690,000 USD.

Immediate Reactions

“Another Chinese based exchange has apparently lost its user’s funds. The Chinese exchange announced that it lost some or all of its user’s bitcoins and will temporarily be shutting down.”


"In a statement the company released through the Chinese social media website Weibo, they mentioned that they will put all their services on hold temporarily. In this post, it was also mentioned that no Chinese Yuan were stolen from the accounts."

How did the various parties involved (firm, platform, management, and/or affected individual(s)) deal with the events? Were services shut down? Were announcements made? Were groups formed?

Ultimate Outcome

“The site says it will come back online and will then allow withdrawals of the other digital currencies it held: Litecoin and Dogecoin. Its holdings in Yuan are safe and will presumably be used to pay back users in Bitcoin eventually. Before that can be done however, the exchange says it needs to collaborate with law enforcement in finding the hacker.”

What was the end result? Was any investigation done? Were any individuals prosecuted? Was there a lawsuit? Was any tracing done?

The hack appears in several published lists of cryptocurrency incidents, including those from the SlowMist Zone[9], Kyle Gibson[10], and the BitcoinExchangeGuide[11] (TBD - fix source).

Total Amount Recovered

There do not appear to have been any funds recovered in this case.

What funds were recovered? What funds were reimbursed for those affected users?

Ongoing Developments

What parts of this case are still remaining to be concluded?

General Prevention Policies

Coming soon.

Individual Prevention Policies

No specific policies for individual prevention have yet been identified in this case.

For the full list of how to protect your funds as an individual, check our Prevention Policies for Individuals guide.

Platform Prevention Policies

Policies for platforms to take to prevent this situation have not yet been selected in this case.

For the full list of how to protect your funds as a financial service, check our Prevention Policies for Platforms guide.

Regulatory Prevention Policies

No specific regulatory policies have yet been identified in this case.

For the full list of regulatory policies that can prevent loss, check our Prevention Policies for Regulators guide.

References