CryptoRush Hack: Difference between revisions
No edit summary |
(Another 30 minutes complete. About section split apart. Added a screenshot and logo from the website. Integrated information from the about and FAQ sections of the site. Started review/integration of Pastebin source.) |
||
| Line 6: | Line 6: | ||
== About CryptoRush == | == About CryptoRush == | ||
While CryptoRush used a .in extension<ref name=":1">[https://web.archive.org/web/20140317110538/https://www.cryptorush.in/ CryptoRush Homepage Archive March 17th, 2014 5:05:38 AM MDT] (Accessed Mar 1, 2024)</ref> which is the country code of India, the exchange was actually based in the United States. CryptoRush appears to favour small alternate currencies, and was aiming to be a top cryptocurrency exchange<ref name=": | While CryptoRush used a .in extension<ref name=":1">[https://web.archive.org/web/20140317110538/https://www.cryptorush.in/ CryptoRush Homepage Archive March 17th, 2014 5:05:38 AM MDT] (Accessed Mar 1, 2024)</ref> which is the country code of India, the exchange was actually based in the United States. CryptoRush appears to favour small alternate currencies, and was aiming to be a top cryptocurrency exchange<ref name=":2">[https://web.archive.org/web/20140302065608/https://cryptorush.in/index.php?p=about About CryptoRush Archive March 1st, 2014 11:56:08 PM MST] (Accessed Mar 1, 2024)</ref>. The founder was reportedly named Kristian, while the other team members were reportedly named Matt and Chris, who joined after beta<ref name=":2">[https://web.archive.org/web/20140302065608/https://cryptorush.in/index.php?p=about About CryptoRush Archive March 1st, 2014 11:56:08 PM MST] (Accessed Mar 1, 2024)</ref>.<blockquote>Crypto Rush strives to help give all coins a chance. We aim to be at the top of the crypto currency exchanges as we grow, we offer low fees compared to other exchanges. We also want to give new coins a chance and have a low cost system to help get coins in. When a coin goes down, users will be automatically alerted via twitter and e-mail and the markets suspended to secure your coins! Thank you for using Crypto Rush! | ||
Crypto Rush started by the owner Kristian in 2014 was originally to be just one market. But soon evolved into more, and even more. Matt joined the team fairly soon into development as co-owner, within a fortnight the basis was written from the ground up with security in mind. | Crypto Rush started by the owner Kristian in 2014 was originally to be just one market. But soon evolved into more, and even more. Matt joined the team fairly soon into development as co-owner, within a fortnight the basis was written from the ground up with security in mind. | ||
When beta launched, Chris joined the team and helped increase productivity with his skillset</blockquote> | When beta launched, Chris joined the team and helped increase productivity with his skillset</blockquote>The Frequently Asked Questions (FAQ) page for Crypto Rush offers valuable information for users encountering various issues while using the platform. It addresses common login and activation problems, advises users to use their email address for authentication, and offers manual activation assistance if necessary. The FAQ also covers issues related to negative balances after placing orders, attributing them to rounding errors and assuring users that they usually resolve automatically within 30 minutes. For discrepancies in order fulfillment, users are encouraged to contact support for investigation and can review their transaction history for clarity. Regarding deposit recognition delays, the FAQ explains the process and encourages users to verify deposits on the blockchain while providing a manual update option. It also assures users of the platform's security measures and offers assistance for any redirection issues.<ref name=":3">[https://web.archive.org/web/20140302062552/https://cryptorush.in/index.php?p=faq CryptoRush FAQ Page Archive March 1st, 2014 11:25:52 PM MST] (Accessed Mar 1, 2024)</ref> | ||
Furthermore, the FAQ lists supported coins on the platform, providing users with comprehensive information about the available cryptocurrencies for trading. It clarifies the fees charged by Crypto Rush, including buying and selling fees, withdrawal fees, and fees for accepting new coins, aiming to offer competitive rates and superior service. Additionally, the FAQ explains the varying withdrawal fees for different coins, attributing them to both platform fees and network transaction fees. It also addresses users' inquiries about purchasing coins directly from Crypto Rush, emphasizing that while plans exist, this feature is not currently available. Moreover, the FAQ reassures users about the safety of their coins, detailing the platform's security measures and separate storage for wallets. Lastly, it explains the trading engine's limitations, such as the trade rate matching and order fulfillment process, while offering guidance on resolving balance discrepancies caused by sync issues.<ref name=":3">[https://web.archive.org/web/20140302062552/https://cryptorush.in/index.php?p=faq CryptoRush FAQ Page Archive March 1st, 2014 11:25:52 PM MST] (Accessed Mar 1, 2024)</ref> | |||
== The Reality == | == The Reality == | ||
Every coin supported increases the attack surface against a platform, since an issue in one coin could inflate the user's balance and allow them to trade against other coins. | |||
Signs of limited experience were visible from the FAQ page of CryptoRush.in itself<ref name=":3">[https://web.archive.org/web/20140302062552/https://cryptorush.in/index.php?p=faq CryptoRush FAQ Page Archive March 1st, 2014 11:25:52 PM MST] (Accessed Mar 1, 2024)</ref>. | |||
* | |||
* | * A FAQ entry reported on an outstanding issue with negative balances, which had not been corrected, and suggested the possibility that users might have even larger negative balances. Negative balances suggest a vulnerability in the platform, which could be exploited for further loss<ref name=":3">[https://web.archive.org/web/20140302062552/https://cryptorush.in/index.php?p=faq CryptoRush FAQ Page Archive March 1st, 2014 11:25:52 PM MST] (Accessed Mar 1, 2024)</ref>. | ||
* A FAQ entry mentioned that using email addresses was more secure than using usernames. It is not clear how this is the case, since many exploits can start from the user's email address being compromised, and one of the steps in exploiting to recover an account is often obtaining access to recovery points such as the email address. There is likely to be a similar number of breaches of username/password combinations in comparison to email/password combinations for users who reuse passwords. The only case where this could be useful is if the username is publicly visible on the platform itself, and it's not clear whether or not this is the case<ref name=":3">[https://web.archive.org/web/20140302062552/https://cryptorush.in/index.php?p=faq CryptoRush FAQ Page Archive March 1st, 2014 11:25:52 PM MST] (Accessed Mar 1, 2024)</ref>. | |||
== What Happened == | == What Happened == | ||
The | The CryptoRush platform was exploited, with the attacker managing to withdraw 950 BTC and 2500 LTC. | ||
{| class="wikitable" | {| class="wikitable" | ||
|+Key Event Timeline - CryptoRush Hack | |+Key Event Timeline - CryptoRush Hack | ||
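Review bot: the added FAQ paragraphs and bullets redefine the named citation in full at every use (`<ref name=":3">[...]</ref>`, and likewise `:2` in the About paragraph); define each named reference once and reuse it as `<ref name=":3" />`, so a later URL correction cannot leave the copies out of sync. The two added FAQ summary paragraphs also restate the site's own assurances ("superior service", "reassures users about the safety of their coins") in the wiki's voice, which conflicts with the added The Reality section; attribute those claims to the FAQ explicitly.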
| Line 35: | Line 37: | ||
|Insider Information Leak | |Insider Information Leak | ||
|A CCN article sheds visibility into the lack of funds in the CryptoRush exchange platform<ref name=":0">[https://web.archive.org/web/20190624073719/https://www.ccn.com/cryptorush-support-worker-leaks-inside-info/ CryptoRush support worker leaks inside info - CCN Archive June 24th, 2019 1:37:19 AM MDT] (Accessed Feb 27, 2024)</ref>. A support worker at CryptoRush, named DogeyMcDoge, has leaked inside information regarding the exchange's troubles. This leak sheds light on the challenges faced by CryptoRush in the past month, including two hacking incidents and unorthodox methods to recover losses. Despite attempts to reassure users with solutions like CryptoRushShares, transparency issues persisted, leading to insolvency. DogeyMcDoge's confession has been confirmed by CryptoRush's administrators, who announced an official statement forthcoming. Meanwhile, CryptoRush has appointed a new CEO and promised to reimburse stolen funds. However, doubts linger about the exchange's ability to address its issues effectively<ref name=":0">[https://web.archive.org/web/20190624073719/https://www.ccn.com/cryptorush-support-worker-leaks-inside-info/ CryptoRush support worker leaks inside info - CCN Archive June 24th, 2019 1:37:19 AM MDT] (Accessed Feb 27, 2024)</ref>. | |A CCN article sheds visibility into the lack of funds in the CryptoRush exchange platform<ref name=":0">[https://web.archive.org/web/20190624073719/https://www.ccn.com/cryptorush-support-worker-leaks-inside-info/ CryptoRush support worker leaks inside info - CCN Archive June 24th, 2019 1:37:19 AM MDT] (Accessed Feb 27, 2024)</ref>. A support worker at CryptoRush, named DogeyMcDoge, has leaked inside information regarding the exchange's troubles. This leak sheds light on the challenges faced by CryptoRush in the past month, including two hacking incidents and unorthodox methods to recover losses. 
Despite attempts to reassure users with solutions like CryptoRushShares, transparency issues persisted, leading to insolvency. DogeyMcDoge's confession has been confirmed by CryptoRush's administrators, who announced an official statement forthcoming. Meanwhile, CryptoRush has appointed a new CEO and promised to reimburse stolen funds. However, doubts linger about the exchange's ability to address its issues effectively<ref name=":0">[https://web.archive.org/web/20190624073719/https://www.ccn.com/cryptorush-support-worker-leaks-inside-info/ CryptoRush support worker leaks inside info - CCN Archive June 24th, 2019 1:37:19 AM MDT] (Accessed Feb 27, 2024)</ref>. | ||
|- | |||
|May 9th, 2021 11:22:00 AM MDT | |||
|PasteBin Information Censored | |||
|The PasteBin information about this case is removed from the site<ref>[https://pastebin.com/eLkPxLWi DogeyMcDoge Pastebin] (Accessed Mar 1, 2024)</ref>. | |||
|} | |} | ||
== Technical Details == | |||
<ref>https://web.archive.org/web/20190624173514/https://pastebin.com/qW3xRmcL (Accessed Feb 27, 2024)</ref> | <ref>https://web.archive.org/web/20190624173514/https://pastebin.com/qW3xRmcL (Accessed Feb 27, 2024)</ref> | ||
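Review bot: the added Technical Details heading sits directly above a bare-URL `<ref>` with no body text, so the section renders empty apart from an untitled footnote; hold the heading back until there is at least one sentence for the reference to support, and give the citation a title and access date in the same form as the other references. In the added timeline row, the label "PasteBin Information Censored" asserts more than its description ("removed from the site") and the cited link support; "Removed" would match what is shown.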
Revision as of 12:46, 1 March 2024
Notice: This page is a new case study and some aspects have not been fully researched. Some sections may be incomplete or reflect inaccuracies present in initial sources. Please check the References at the bottom for further information and perform your own additional assessment. Please feel free to contribute by adding any missing information or sources you come across. If you are new here, please read General Tutorial on Wikis or Anatomy of a Case Study for help getting started.
Notice: This page contains sources which are not attributed to any text. The unattributed sources follow the initial description. Please assist by visiting each source, reviewing the content, and placing that reference next to any text it can be used to support. Feel free to add any information that you come across which isn't present already. Sources which don't contain any relevant information can be removed. Broken links can be replaced with versions from the Internet Archive. See General Tutorial on Wikis, Anatomy of a Case Study, and/or Citing Your Sources Guide for additional information. Thanks for your help!
The primary issue here appears to be numerous exploits in the various altcoin withdrawal processes, which CryptoRush handled through hot wallets. This appears to stem from the service having been coded quickly, over a few short months.
This exchange or platform is based in the United States, or the incident targeted people primarily in the United States.[1][2][3][4][5]
About CryptoRush
While CryptoRush used a .in extension[6] which is the country code of India, the exchange was actually based in the United States. CryptoRush appears to favour small alternate currencies, and was aiming to be a top cryptocurrency exchange[7]. The founder was reportedly named Kristian, while the other team members were reportedly named Matt and Chris, who joined after beta[7].
Crypto Rush strives to help give all coins a chance. We aim to be at the top of the crypto currency exchanges as we grow, we offer low fees compared to other exchanges. We also want to give new coins a chance and have a low cost system to help get coins in. When a coin goes down, users will be automatically alerted via twitter and e-mail and the markets suspended to secure your coins! Thank you for using Crypto Rush!
Crypto Rush started by the owner Kristian in 2014 was originally to be just one market. But soon evolved into more, and even more. Matt joined the team fairly soon into development as co-owner, within a fortnight the basis was written from the ground up with security in mind.
When beta launched, Chris joined the team and helped increase productivity with his skillset
The Frequently Asked Questions (FAQ) page for Crypto Rush offers valuable information for users encountering various issues while using the platform. It addresses common login and activation problems, advises users to use their email address for authentication, and offers manual activation assistance if necessary. The FAQ also covers issues related to negative balances after placing orders, attributing them to rounding errors and assuring users that they usually resolve automatically within 30 minutes. For discrepancies in order fulfillment, users are encouraged to contact support for investigation and can review their transaction history for clarity. Regarding deposit recognition delays, the FAQ explains the process and encourages users to verify deposits on the blockchain while providing a manual update option. It also assures users of the platform's security measures and offers assistance for any redirection issues.[8]
Furthermore, the FAQ lists supported coins on the platform, providing users with comprehensive information about the available cryptocurrencies for trading. It clarifies the fees charged by Crypto Rush, including buying and selling fees, withdrawal fees, and fees for accepting new coins, aiming to offer competitive rates and superior service. Additionally, the FAQ explains the varying withdrawal fees for different coins, attributing them to both platform fees and network transaction fees. It also addresses users' inquiries about purchasing coins directly from Crypto Rush, emphasizing that while plans exist, this feature is not currently available. Moreover, the FAQ reassures users about the safety of their coins, detailing the platform's security measures and separate storage for wallets. Lastly, it explains the trading engine's limitations, such as the trade rate matching and order fulfillment process, while offering guidance on resolving balance discrepancies caused by sync issues.[8]
The Reality
Every coin supported increases the attack surface against a platform, since an issue in one coin could inflate the user's balance and allow them to trade against other coins.
Signs of limited experience were visible from the FAQ page of CryptoRush.in itself[8].
- A FAQ entry reported on an outstanding issue with negative balances, which had not been corrected, and suggested the possibility that users might have even larger negative balances. Negative balances suggest a vulnerability in the platform, which could be exploited for further loss[8].
- A FAQ entry mentioned that using email addresses was more secure than using usernames. It is not clear how this is the case, since many exploits can start from the user's email address being compromised, and one of the steps in taking over an account through recovery is often obtaining access to recovery points such as the email address. There is likely to be a similar number of breaches of username/password combinations in comparison to email/password combinations for users who reuse passwords. The only case where this could be useful is if the username is publicly visible on the platform itself, and it's not clear whether or not this is the case[8].
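To illustrate the negative-balance and cross-coin points above, here is an added example (not CryptoRush's code, which is not available on this page) showing how a float ledger that checks funds at display precision can drift below zero, next to an integer-unit ledger that refuses overdrafts and a reconciliation check that flags coins for suspension. The 8-decimal unit size, the function and class names, and all sample values are assumptions constructed for the illustration.

```python
from decimal import Decimal

UNITS = 10 ** 8  # smallest units per coin, 8 decimal places (assumed)

def naive_debits(start, debits):
    """Float balance; the funds check uses the 8-place display value."""
    balance = start
    for amount in debits:
        if round(balance, 8) >= amount:  # check on the rounded value
            balance -= amount            # debit on the unrounded value
    return balance

def to_units(text):
    """Parse a decimal string into integer units, rejecting excess precision."""
    scaled = Decimal(text) * UNITS
    if scaled != scaled.to_integral_value() or scaled <= 0:
        raise ValueError(f"invalid amount: {text!r}")
    return int(scaled)

class Ledger:
    """Integer balances keyed by (user, coin); a debit can never overdraw."""
    def __init__(self):
        self.balances = {}

    def credit(self, user, coin, text):
        key = (user, coin)
        self.balances[key] = self.balances.get(key, 0) + to_units(text)

    def debit(self, user, coin, text):
        units = to_units(text)
        key = (user, coin)
        if units > self.balances.get(key, 0):
            return False  # refuse instead of going negative
        self.balances[key] -= units
        return True

def coins_to_suspend(balances, wallet_units):
    """Coins with a negative user balance or liabilities above wallet holdings."""
    flagged, owed = set(), {}
    for (user, coin), units in balances.items():
        owed[coin] = owed.get(coin, 0) + units
        if units < 0:
            flagged.add(coin)
    for coin, total in owed.items():
        if total > wallet_units.get(coin, 0):
            flagged.add(coin)
    return sorted(flagged)

if __name__ == "__main__":
    # Constructed sample data: three 0.1 debits against a 0.3 balance.
    print(naive_debits(0.3, [0.1, 0.1, 0.1]))  # float ledger ends below zero
    ledger = Ledger()
    ledger.credit("alice", "LTC", "0.3")
    print([ledger.debit("alice", "LTC", "0.1") for _ in range(4)])
    print(coins_to_suspend({("bob", "XYZ"): -5, ("carol", "BTC"): 100},
                           {"XYZ": 10, "BTC": 50}))
```

A negative balance of any size is treated here as a reason to halt that coin's market and withdrawals until the ledger is reconciled, rather than something expected to resolve itself.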
What Happened
The CryptoRush platform was exploited, with the attacker managing to withdraw 950 BTC and 2500 LTC.
| Date | Event | Description |
|---|---|---|
| March 11th, 2014 | Date Widely Cited | The date of the incident as reported by sources including Kyle Gibson[1]. |
| March 26th, 2014 5:02:01 AM MDT | Insider Information Leak | A CCN article sheds light on the lack of funds in the CryptoRush exchange platform[9]. A support worker at CryptoRush, named DogeyMcDoge, leaked inside information regarding the exchange's troubles. The leak describes the challenges faced by CryptoRush in the past month, including two hacking incidents and unorthodox methods to recover losses. Despite attempts to reassure users with solutions like CryptoRushShares, transparency issues persisted, leading to insolvency. DogeyMcDoge's confession was confirmed by CryptoRush's administrators, who announced that an official statement was forthcoming. Meanwhile, CryptoRush appointed a new CEO and promised to reimburse stolen funds. However, doubts linger about the exchange's ability to address its issues effectively[9]. |
| May 9th, 2021 11:22:00 AM MDT | PasteBin Information Censored | The PasteBin information about this case is removed from the site[10]. |
Technical Details
https://www.ccn.com/cryptorush-support-worker-leaks-inside-info
Total Amount Lost
Losses were reportedly up to 950 BTC[1] and 2500 LTC[4].
The total amount lost has been estimated at $800,000 USD[1].
Immediate Reactions
How did the various parties involved (firm, platform, management, and/or affected individual(s)) deal with the events? Were services shut down? Were announcements made? Were groups formed?
Ultimate Outcome
What was the end result? Was any investigation done? Were any individuals prosecuted? Was there a lawsuit? Was any tracing done?
"The guilt was starting to build up inside of me. I answered very few tickets the week of the 16th. I was conflicted, but I worked at my full time job >40 hours that week, so it kept my mind off of things a little. The issues continued. I kept suggesting ways we could maybe get some BTC back, arbitrage, etc. We didn’t even have enough funds for that. I wanted so bad for the exchange to stay afloat, thinking “Maybe tomorrow will bring us back our volume!” But alas, the problems with Zeit, and BTC withdrawals killed our volume. There was no coming back."
The issue was featured on several lists, including those by Kyle Gibson[1] and the Idex Blog[4].
Total Amount Recovered
There do not appear to have been any funds recovered in this case.
The exchange issued a “Debt Management Plan” which outlined plans and potential refunds for victims[4].
Ongoing Developments
What parts of this case are still remaining to be concluded?
General Prevention Policies
Coming soon.
Individual Prevention Policies
No specific policies for individual prevention have yet been identified in this case.
For the full list of how to protect your funds as an individual, check our Prevention Policies for Individuals guide.
Platform Prevention Policies
Policies for platforms to take to prevent this situation have not yet been selected in this case.
For the full list of how to protect your funds as a financial service, check our Prevention Policies for Platforms guide.
Regulatory Prevention Policies
No specific regulatory policies have yet been identified in this case.
For the full list of regulatory policies that can prevent loss, check our Prevention Policies for Regulators guide.
References
1. 100 Crypto Thefts: A Timeline of Hacks, Glitches, Exit Scams, and other Lost Cryptocurrency Incidents - Kyle Gibson (Jan 25, 2020)
2. List of Major Bitcoin Heists, Thefts, Hacks, Scams, and Losses - BitcoinTalk (Feb 15, 2020)
3. Bitcoin Scams and Cryptocurrency Hacks List - BitcoinExchangeGuide.com (Mar 5, 2020)
4. A Complete List of Cryptocurrency Exchange Hacks [Updated] - Idex Blog Archive February 15th, 2021 4:34:24 AM MST (Accessed Mar 26, 2022)
5. Bitcoin’s Correction Could Well Have Shaken Out Potentially Damaging Investors - CoinTelegraph (Mar 26, 2022)
6. CryptoRush Homepage Archive March 17th, 2014 5:05:38 AM MDT (Accessed Mar 1, 2024)
7. About CryptoRush Archive March 1st, 2014 11:56:08 PM MST (Accessed Mar 1, 2024)
8. CryptoRush FAQ Page Archive March 1st, 2014 11:25:52 PM MST (Accessed Mar 1, 2024)
9. CryptoRush support worker leaks inside info - CCN Archive June 24th, 2019 1:37:19 AM MDT (Accessed Feb 27, 2024)
10. DogeyMcDoge Pastebin (Accessed Mar 1, 2024)
11. https://web.archive.org/web/20190624173514/https://pastebin.com/qW3xRmcL (Accessed Feb 27, 2024)