Bitcurex Targeted by Hacking: Difference between revisions
(COMPLETE Another 30 minutes. Prevention section filled in. Reviewing and tweaking article further. Added CCN article. Added Cyber Defense Magazine. Added CoinDesk article. Added Reddit link.) |
(Another 30 minutes. Added information on the future of Bitcurex based on a more recent article from 2017. Updated every section to replace template parts. Integrated Reddit source.) |
||
| Line 1: | Line 1: | ||
{{Case Study Under Construction}}[[File:Bitcurex.jpg|thumb|Bitcurex Logo/Homepage]]The Bitcurex platform featured a magical money duplication “feature”. The hacker used their “magic money” to purchase all the bitcoin on the platform. It appears they managed to make off with 1,323 bitcoin before the issue was discovered. The exchange continued operation after this hack without revealing what had happened to any customers. | {{Case Study Under Construction}}[[File:Bitcurex.jpg|thumb|Bitcurex Logo/Homepage]]The Bitcurex platform featured a magical money duplication “feature”. The hacker used their “magic money” to purchase all the bitcoin on the platform. It appears they managed to make off with 1,323 bitcoin before the issue was discovered. The exchange continued operation after this hack without revealing what had happened to any customers. | ||
== About Bitcurex == | == About Bitcurex == | ||
| Line 50: | Line 48: | ||
|Further Polish Explanation | |Further Polish Explanation | ||
|Bitcurex posts an update on Facebook that they have successfully stopped a hacking attack on Bitcurex, preventing significant theft of BTC funds. Most funds in our Hot Wallet, as well as all Cold Wallet and FIAT funds, are safe. Our team has resolved the issue and is working on resuming service. We'll update you on the full restoration date soon. Thank you for your support<ref name=":4">[https://www.facebook.com/Bitcurex/posts/pfbid0iE99r2GCgT2EzG4n5vQWRXqnd8kZLiK7ZvzJEQKb2Yc4ocHtfyNjEDoPryabAdetl Bitcurex - "We managed to thwart a hacker attack on the Bitcurex website, preventing the mass theft of our users' BTC funds. Thanks to automatic security procedures, the hackers managed to embezzle only part of the funds stored on the operational Bitcurex Hot Wallet." - Facebook] (Accessed Feb 27, 2024)</ref>. . | |Bitcurex posts an update on Facebook that they have successfully stopped a hacking attack on Bitcurex, preventing significant theft of BTC funds. Most funds in our Hot Wallet, as well as all Cold Wallet and FIAT funds, are safe. Our team has resolved the issue and is working on resuming service. We'll update you on the full restoration date soon. Thank you for your support<ref name=":4">[https://www.facebook.com/Bitcurex/posts/pfbid0iE99r2GCgT2EzG4n5vQWRXqnd8kZLiK7ZvzJEQKb2Yc4ocHtfyNjEDoPryabAdetl Bitcurex - "We managed to thwart a hacker attack on the Bitcurex website, preventing the mass theft of our users' BTC funds. Thanks to automatic security procedures, the hackers managed to embezzle only part of the funds stored on the operational Bitcurex Hot Wallet." - Facebook] (Accessed Feb 27, 2024)</ref>. . | ||
|- | |||
|March 16th, 2014 10:45:05 AM MDT | |||
|Reddit Discussion | |||
|The current situation and announcements are discussed as part of the "Daily Discussion" on Reddit<ref>[https://www.reddit.com/r/BitcoinMarkets/comments/20j3iz/daily_discussion_sunday_march_16_2014/ <nowiki>[Daily Discussion] Sunday, March 16, 2014 - Reddit</nowiki>] (Accessed Mar 13, 2024)</ref>. | |||
|- | |- | ||
|March 14th, 2014 11:08:00 AM MDT | |March 14th, 2014 11:08:00 AM MDT | ||
| Line 70: | Line 72: | ||
|CCN Article On Relaunch | |CCN Article On Relaunch | ||
|CCN reports that the Bitcurex platform has relaunched successfully<ref name=":6">[https://www.ccn.com/breaking-promised-bitcurex-resumes-operations-tuesday/ BREAKING: As Promised, Bitcurex Resumes Operations on Tuesday - CCN] (Accessed Mar 12, 2024)</ref>. Bitcurex has resumed operations following a major hacking attempt that threatened the security of the exchange. After halting trades to investigate the attack, Bitcurex confirmed that a malicious user had attempted to acquire 19,000 BTC through a fraudulent buy order, but the site was swiftly shut down to prevent further damage. In a statement, Bitcurex reassured users that only a portion of funds from the Hot Wallet were affected, with the majority of funds from both the Hot Wallet and the Cold Wallet remaining secure. The exchange pledged to restore normal service and conduct an external audit to ensure future security. True to their word, Bitcurex resumed PLN operations on March 18 and promised to restore EUR operations on March 20. Additionally, they committed to covering hot wallet losses and reset all user passwords for added security. While prices initially dipped upon the exchange's return, they are gradually stabilizing<ref name=":6">[https://www.ccn.com/breaking-promised-bitcurex-resumes-operations-tuesday/ BREAKING: As Promised, Bitcurex Resumes Operations on Tuesday - CCN] (Accessed Mar 12, 2024)</ref>. This swift response to the hacking attempt demonstrates Bitcurex's ability to effectively manage crises and maintain user trust, in contrast to past incidents like Mt. Gox. Further updates can be found on the Bitcurex website and Facebook page<ref name=":6">[https://www.ccn.com/breaking-promised-bitcurex-resumes-operations-tuesday/ BREAKING: As Promised, Bitcurex Resumes Operations on Tuesday - CCN] (Accessed Mar 12, 2024)</ref>. | |CCN reports that the Bitcurex platform has relaunched successfully<ref name=":6">[https://www.ccn.com/breaking-promised-bitcurex-resumes-operations-tuesday/ BREAKING: As Promised, Bitcurex Resumes Operations on Tuesday - CCN] (Accessed Mar 12, 2024)</ref>. Bitcurex has resumed operations following a major hacking attempt that threatened the security of the exchange. After halting trades to investigate the attack, Bitcurex confirmed that a malicious user had attempted to acquire 19,000 BTC through a fraudulent buy order, but the site was swiftly shut down to prevent further damage. In a statement, Bitcurex reassured users that only a portion of funds from the Hot Wallet were affected, with the majority of funds from both the Hot Wallet and the Cold Wallet remaining secure. The exchange pledged to restore normal service and conduct an external audit to ensure future security. True to their word, Bitcurex resumed PLN operations on March 18 and promised to restore EUR operations on March 20. Additionally, they committed to covering hot wallet losses and reset all user passwords for added security. While prices initially dipped upon the exchange's return, they are gradually stabilizing<ref name=":6">[https://www.ccn.com/breaking-promised-bitcurex-resumes-operations-tuesday/ BREAKING: As Promised, Bitcurex Resumes Operations on Tuesday - CCN] (Accessed Mar 12, 2024)</ref>. This swift response to the hacking attempt demonstrates Bitcurex's ability to effectively manage crises and maintain user trust, in contrast to past incidents like Mt. Gox. Further updates can be found on the Bitcurex website and Facebook page<ref name=":6">[https://www.ccn.com/breaking-promised-bitcurex-resumes-operations-tuesday/ BREAKING: As Promised, Bitcurex Resumes Operations on Tuesday - CCN] (Accessed Mar 12, 2024)</ref>. | ||
|- | |||
|October 2016 | |||
|Bitcurez Shuts Down | |||
|"In October 2016, the troubled bitcoin exchange shut down its exchange operations after losing 2300 bitcoins (approx. $1.5 million at the time), citing an “external interference in automated data collection and processing of information”. Digital Future, the exchange platform’s operator, claimed to have filed a report with the Łódź district prosecutor’s office of the losses it suffered."<ref name=":8">[https://www.ccn.com/bitcoin-exchange-bitcurexs-shutdown-investigated-polish-prosecutor/ Shutdown of Bitcoin Exchange Bitcurex Under Investigation by Polish Prosecutor - CCN] (Accessed Mar 13, 2023)</ref> | |||
|- | |||
|November 30th, 2016 | |||
|Claimed Relaunch Date | |||
|"The notice indicated services to resume on or before November 30, 2016. The operator claimed to ink a recapitalization agreement with an investor to resume services and allow users to withdraw funds." The relaunch did not happen as promised<ref name=":8" />. | |||
|- | |||
|March 16th, 2017 12:35:05 PM MDT | |||
|CCN Article On Investigation | |||
|CCN reports that the District Prosecutor’s Office in Łódź, Poland, has initiated an investigation into Bitcurex, the country's first bitcoin exchange, which ceased operations in October 2016 after losing 2300 bitcoins<ref name=":8" />. Despite claims of a recapitalization agreement with an investor to resume services, Bitcurex has remained offline, prompting the prosecutor's office to oversee an investigation into the losses suffered by users<ref name=":8" />. This move comes amid Poland's generally favorable stance towards bitcoin and blockchain technology, with the government showing interest in cooperation with the industry for the future of cryptocurrencies<ref name=":8" />. | |||
|- | |- | ||
|December 18th, 2017 6:01:07 PM MST | |December 18th, 2017 6:01:07 PM MST | ||
| Line 77: | Line 91: | ||
== Technical Details == | == Technical Details == | ||
The attack was able to take a portion of the funds in the Bitcurex hot wallet. | |||
== Total Amount Lost == | == Total Amount Lost == | ||
The total amount lost has been estimated at $844,000 USD. | The total amount lost has been estimated at $844,000 USD. | ||
== Immediate Reactions == | == Immediate Reactions == | ||
The Bitcurex platform reported and updated users regularly through social media via their Facebook account<ref name=":1" />. | |||
=== Facebook Announcements Throughout the Process === | === Facebook Announcements Throughout the Process === | ||
| Line 156: | Line 168: | ||
== Ultimate Outcome == | == Ultimate Outcome == | ||
The Bitcurex platform claimed to cover all losses and continued to operate until [[Bitcurex Exchange Hack|October 2016, when another hack brought down the platform]]. | |||
=== Inclusion/Recognition In Lists === | === Inclusion/Recognition In Lists === | ||
| Line 162: | Line 174: | ||
== Total Amount Recovered == | == Total Amount Recovered == | ||
The Bitcurex platform continued to operate and claimed that they would fully cover all losses<ref name=":0" />. The platform continued to operate until 2016, when [[Bitcurex Exchange Hack|another hack ultimately resulted in closure]]<ref name=":8" />. | |||
== Ongoing Developments == | == Ongoing Developments == | ||
The events around the closure of the Bitcurex platform may be the subject of investigation by Polish authorities<ref name=":8" />. | |||
== Individual Prevention Policies == | == Individual Prevention Policies == | ||
{{Prevention:Individuals:Avoid Third Party Custodians}} | {{Prevention:Individuals:Avoid Third Party Custodians}} | ||
Revision as of 16:08, 13 March 2024
Notice: This page is a new case study and some aspects have not been fully researched. Some sections may be incomplete or reflect inaccuracies present in initial sources. Please check the References at the bottom for further information and perform your own additional assessment. Please feel free to contribute by adding any missing information or sources you come across. If you are new here, please read General Tutorial on Wikis or Anatomy of a Case Study for help getting started.
The Bitcurex platform featured a magical money duplication “feature”. The hacker used their “magic money” to purchase all the bitcoin on the platform. It appears they managed to make off with 1,323 bitcoin before the issue was discovered. The exchange continued operation after this hack without revealing what had happened to any customers.
About Bitcurex
The Bitcurex exchange platform is based in Poland.
Archive Homepage: [1]
The Reality
There is limited motivation and significant risk for a platform to disclose a breach. The likely outcome of such a disclosure is that customers will panic and large-scale withdrawals will ensue.
What Happened
The Bitcurex platform was hacked and 1,323 bitcoin were stolen.
| Date | Event | Description |
|---|---|---|
| February 25th, 2014 8:52:00 AM MDT | Report About Mt. Gox | Bitcurex publishes an official statement about the situation with Mt. Gox on their Facebook page[2]. |
| March 14th, 2014 3:37:00 AM MDT | Initial Facebook Announcement | The Bitcurex platform posts a notification on Facebook in Polish that they have temporarily suspended the website for verification purposes and that they will provide further appropriate information after the verification is complete[3]. |
| March 14th, 2014 4:06:00 AM MDT | Announcement Posted In English | Bitcurex posts an announcement in English that they "decided to temporarily shut down [thei]r service" due "to an error and ongoing maintenance works"[4]. |
| March 14th, 2014 7:45:00 AM MDT | Security Procedure Announcement | The Bitcurex posts that "funds are safe". The website has reportedly been disabled as part of security procedures[5]. |
| March 14th, 2014 8:16:20 AM MDT | Platform Shutdown Reported | NewsBTC reports that the Bitcurex platform had shut down[6]. Bitcurextemporarily halted trading due to issues that initially seemed unrelated to a hack. However, the company later revealed that they had successfully blocked a hacking attempt, which resulted in only a portion of funds stored in the operational Hot Wallet being defrauded[6]. The majority of funds from the Hot Wallet, as well as all funds from the Cold Wallet and FIAT monetary funds, remained secure[6]. Although the exact amount lost was not disclosed, Bitcurex assured that it was manageable and only a part of their Hot Wallet was affected. They have since identified and removed the source of the problem but cannot specify when trading will resume. An external audit is currently underway to further investigate the incident, and updates will be provided as more information becomes available[6]. |
| March 14th, 2014 8:23:00 AM MDT | English Safety Procedures | Bitcurex posts an update in English that "funds are secure" and the "current shutdown results from safety procedures"[7]. |
| March 14th, 2014 8:52:40 AM MDT | CoinDesk Article Published | CoinDesk publishes an article reporting on the Bitcurex hack[8]. Poland's leading bitcoin exchange, Bitcurex, faced a temporary shutdown due to a hacking attack targeting funds in users' bitcoin wallets. The exchange announced the site closure on Facebook, attributing it to an "error and ongoing maintenance works." Bitcurex staff emphasized the closure was necessary for IT verification. Despite assurances of optimism from company representatives, the incident stirred concerns among users and cryptocurrency forums. Bitcurex later released a statement confirming the hacking attempt, stating they successfully blocked it but acknowledged a portion of funds from the operational Hot Wallet was compromised. While specific figures regarding the stolen bitcoins were not disclosed, estimates from user accounts and screenshots hinted at significant losses, with offers totaling millions of dollars. This attack came after Bitcurex's efforts to reassure users following the Mt.Gox meltdown, emphasizing their commitment to security. The incident reflects broader challenges faced by cryptocurrency exchanges regarding security vulnerabilities, as evidenced by previous attacks on Poland-based exchanges like Bidextreme.pl. Established in 2012, Bitcurex operates from Łódź, Poland, under Digital Future Ltd. |
| March 14th, 2014 10:27:00 AM MDT | Further Polish Explanation | Bitcurex posts an update on Facebook that they have successfully stopped a hacking attack on Bitcurex, preventing significant theft of BTC funds. Most funds in our Hot Wallet, as well as all Cold Wallet and FIAT funds, are safe. Our team has resolved the issue and is working on resuming service. We'll update you on the full restoration date soon. Thank you for your support[9]. . |
| March 16th, 2014 10:45:05 AM MDT | Reddit Discussion | The current situation and announcements are discussed as part of the "Daily Discussion" on Reddit[10]. |
| March 14th, 2014 11:08:00 AM MDT | Further English Explanation | The update is posted in English as well[11]. |
| March 14th, 2014 11:31:05 AM MDT | Follow Up Statement | NewsBTC reports that Bitcurex has issued a follow up statement. In a follow-up statement, the company says they “successfully blocked a hacking attack,” adding that “Thanks to automatic safety procedures, hackers manages to defraud only a portion of the funds stored in operational Hot Wallet Bitcurex.”[6] |
| March 15th, 2014 7:06:00 AM MDT | Progress Update Polish | Bitcurex posts an update that the IT work is almost complete and testing of the modified system is scheduled for that evening. Users should expect an exact date for the relaunch once the audit is completed[12]. |
| March 15th, 2014 7:46:00 AM MDT | Progress Update English | An English version of the same update was posted[13]. |
| March 17th, 2014 11:40:42 PM MDT | CCN Article On Relaunch | CCN reports that the Bitcurex platform has relaunched successfully[14]. Bitcurex has resumed operations following a major hacking attempt that threatened the security of the exchange. After halting trades to investigate the attack, Bitcurex confirmed that a malicious user had attempted to acquire 19,000 BTC through a fraudulent buy order, but the site was swiftly shut down to prevent further damage. In a statement, Bitcurex reassured users that only a portion of funds from the Hot Wallet were affected, with the majority of funds from both the Hot Wallet and the Cold Wallet remaining secure. The exchange pledged to restore normal service and conduct an external audit to ensure future security. True to their word, Bitcurex resumed PLN operations on March 18 and promised to restore EUR operations on March 20. Additionally, they committed to covering hot wallet losses and reset all user passwords for added security. While prices initially dipped upon the exchange's return, they are gradually stabilizing[14]. This swift response to the hacking attempt demonstrates Bitcurex's ability to effectively manage crises and maintain user trust, in contrast to past incidents like Mt. Gox. Further updates can be found on the Bitcurex website and Facebook page[14]. |
| October 2016 | Bitcurez Shuts Down | "In October 2016, the troubled bitcoin exchange shut down its exchange operations after losing 2300 bitcoins (approx. $1.5 million at the time), citing an “external interference in automated data collection and processing of information”. Digital Future, the exchange platform’s operator, claimed to have filed a report with the Łódź district prosecutor’s office of the losses it suffered."[15] |
| November 30th, 2016 | Claimed Relaunch Date | "The notice indicated services to resume on or before November 30, 2016. The operator claimed to ink a recapitalization agreement with an investor to resume services and allow users to withdraw funds." The relaunch did not happen as promised[15]. |
| March 16th, 2017 12:35:05 PM MDT | CCN Article On Investigation | CCN reports that the District Prosecutor’s Office in Łódź, Poland, has initiated an investigation into Bitcurex, the country's first bitcoin exchange, which ceased operations in October 2016 after losing 2300 bitcoins[15]. Despite claims of a recapitalization agreement with an investor to resume services, Bitcurex has remained offline, prompting the prosecutor's office to oversee an investigation into the losses suffered by users[15]. This move comes amid Poland's generally favorable stance towards bitcoin and blockchain technology, with the government showing interest in cooperation with the industry for the future of cryptocurrencies[15]. |
| December 18th, 2017 6:01:07 PM MST | Cyber Defense Magazine | The incident is included in a list compiled by the Cyber Defense Magazine[16]. |
Technical Details
The attack was able to take a portion of the funds in the Bitcurex hot wallet.
Total Amount Lost
The total amount lost has been estimated at $844,000 USD.
Immediate Reactions
The Bitcurex platform reported and updated users regularly through social media via their Facebook account[3].
Facebook Announcements Throughout the Process
An initial announcement was first posted in Polish[3].
Dear Users,
Due to the irregularities, we have temporarily suspended the website for verification purposes. After its completion, we will provide you with appropriate information.
Kind regards,
Bitcurex Team
Within an hour an announcement was also posted in English[3].
Dear Users,
Due to an error and ongoing maintenance works, we decided to temporarily shut down our service. Further information coming soon.
Regards,
Bitcurex Team
A few hours later, an update was posted in Polish[5].
Dear Users,
Work is underway to restore the operation of the website. At the same time, we would like to inform you that your funds are safe - the website has been disabled as part of security procedures. We will provide you with further, more detailed information in the near future.
Kind regards,
Bitcurex Team
Followed by an English variant of the update[7].
Dear Users,
We are working on resuming our service. We would like to inform you that your funds are secure - current shutdown results from safety procedures. We will soon provide you with further, more detailed information.
Regards,
Bitcurex Team
Details of the attack were posted in Polish[9].
Dear Users,
We managed to thwart a hacker attack on the Bitcurex website, preventing the mass theft of our users' BTC funds. Thanks to automatic security procedures, the hackers managed to embezzle only part of the funds stored on the operational Bitcurex Hot Wallet. Most of the funds present in the Hot Wallet, as well as all of the funds in the Cold Wallet and FIAT cash, remained intact.
Our team located and removed the source of the problem. Work is underway to resume the website, and an external audit is being conducted in parallel: we will soon provide you with the exact date of relaunch of all Bitcurex functionalities. We will provide you with more information in subsequent communications.
We apologize for any inconvenience and, above all, we would like to thank the entire BTC community for their support: we are coming out of this trial stronger.
Kind regards,
Bitcurex Team
As with the others, the update was translated to English[11].
Dear Users,
We successfully blocked a hacking attack on Bitcurex, preventing mass theft of BTC funds of our users. Thanks to automatic safety procedures, hackers managed to defraud only a portion of the funds stored in operational Hot Wallet Bitcurex. The majority of funds from Hot Wallet, as well the entirety of funds from Cold Wallet and FIAT monetary funds remained intact.
Our team located and removed the source of the problem. We are working on resuming normal service, at the same time an external audit is being conducted: we will soon provide the exact date of resuming all Bitcurex functionalities. More information will be provided in further statements.
We are sorry for the inconvenience, and most of all we thank the whole BTC community for the support we received: we were put to a test that will make us stronger.
Best regards,
Bitcurex Team
A further update was provided the next day in Polish[17] and English.
Dear Users,
IT works are almost completed. Internal tests of the modified system are planned today in the evening, after which a final external audit will be carried out. After its positive completion, we will publish a message in which we will provide you with the exact launch date of the website and all necessary details.
Thank you once again for your patience and trust - it means a lot to our entire team.
Kind regards,
Bitcurex Team
Update posted on the website[1].
Dear Users,
First of all, we would like to thank all of you for your patience and understanding that you have shown during the last couple of dozen hours. We thank all our Users from Poland and abroad who contacted us and stressed their faith in resolving this situation in an positive way, despite the black scenarios that everybody must have thought about.
We are proud to inform you that we are resuming our service with all its functionalities on March 18 (Tuesday) at the latest. We will inform you about the exact hour of resuming the service soon. The service will be brought back to its state from before the attack using the backup copies.
The thief did not manage to break our security measures protecting your accounts nor gain full access to operational Hot Wallet Bitcurex. Thanks to our safety procedures, after the initial non- authorised transactions, the thief was prevented from making any further operations. Then the service was shut down to carry out repair works and implement the necessary improvements to our system.
Our internal procedures prevented any further losses, which were limited to between 10 and 20 percent of our operational Hot Wallet Bitcurex. Because of realistic chances of filing criminal charges against those who are responsible, in order to allow an effective official investigation, we prefer not to disclose details that could facilitate destroying evidence.
All the incurred losses were covered from the funds gathered by Digital Future – the owner of Bitcurex. Our fees will not be raised, nor will we introduce any other restrictions.
Ultimate Outcome
The Bitcurex platform claimed to cover all losses and continued to operate until October 2016, when another hack brought down the platform.
Inclusion/Recognition In Lists
The incident is included in a list compiled by the Cyber Defense Magazine[16].
Total Amount Recovered
The Bitcurex platform continued to operate and claimed that they would fully cover all losses[1]. The platform continued to operate until 2016, when another hack ultimately resulted in closure[15].
Ongoing Developments
The events around the closure of the Bitcurex platform may be the subject of investigation by Polish authorities[15].
Individual Prevention Policies
When using any third party custodial platform (such as for trading), it is important to verify that the platform has a full backing of all assets, and that assets have been secured in a proper multi-signature wallet held by several trusted and trained individuals. If this can't be validated, then users should avoid using that platform. Unfortunately, most centralized platforms today still do not provide the level of transparency and third party validation which would be necessary to ensure that assets have been kept secure and properly backed. Therefore, the most effective strategy at present remains to learn proper self custody practices and avoid using any third party custodial platforms whenever possible.
Store the majority of funds offline. By offline, it means that the private key and/or seed phrase is exclusively held by you and not connected to any networked device. Examples of offline storage include paper wallets (seed phrase or key written down and deleted from all electronic media), hardware wallets, steel wallet devices, etc...
For the full list of how to protect your funds as an individual, check our Prevention Policies for Individuals guide.
Platform Prevention Policies
All aspects of any platform should undergo a regular validation/inspection by experts. This validation should include a security audit of any smart contracts, reporting any risks to the backing (of any customer assets, ensuring treasuries or minting functions are properly secured under the control of a multi-signature wallet, and finding any inadequacies in the level of training or integrity of the team. The recommended interval is twice prior to launch or significant system upgrade, once after 3 months, and every 6 months thereafter. It is recommended that the third party performing the inspection not be repeated within a 14 month period.
All wallets, minting functions, and critical infrastructure should be implemented with a multi-signature requirement, with a recommended minimum of 3 signatures required. This means that making important changes or approving spending will require the keys held by at least 3 separate individuals within the organization to approve. The multi-signature should be implemented at the lowest layer possible, all key holders should have security training, and all key holders should be empowered and encouraged to exercise diligence.
Work with other industry platforms to set up a multi-signature wallet with private keys held separately by delegate signatories from seven prominent platforms and services within the industry. Establish requirements for contributions by all platforms and services, designed to be affordable for small platforms yet large enough to cover anticipated breach events. Any breach event can be brought forth by a member platform or a petition of 100 signatures for consideration by the delegate signatories. A vote of 4 or more delegate signatures is required to release any funds, which could partially or fully restore lost funds based on their assessment.
For the full list of how to protect your funds as a financial service, check our Prevention Policies for Platforms guide.
Regulatory Prevention Policies
All platforms should undergo published security and risk assessments by independent third parties. Two assessments are required at founding or major upgrade, one after 3 months, and one every 6 months thereafter. The third parties must not repeat within the past 14 months. A risk assessment needs to include what assets back customer deposits and the risk of default from any third parties being lent to. The security assessment must include ensuring a proper multi-signature wallet, and that all signatories are properly trained. Assessments must be performed on social media, databases, and DNS security.
Set up a multi-signature wallet with private keys held separately by delegate signatories from seven prominent platforms and services within the industry. Establish requirements for contributions by all platforms and services within the country, designed to be affordable for small platforms yet large enough to cover anticipated breach events. Any breach event can be brought forth by a member platform or a petition of 100 signatures for consideration by the delegate signatories. A vote of 4 or more delegate signatures is required to release any funds, which could partially or fully restore lost funds based on their assessment.
For the full list of regulatory policies that can prevent loss, check our Prevention Policies for Regulators guide.
References
- ↑ 1.0 1.1 1.2 Bitcurex conducted by Digital Future LLC - Homepage Archive March 19th, 2014 1:04:30 PM MDT (Accessed Feb 27, 2024)
- ↑ Bitcurex - "Here You can read our official statement about recent situation with Mt.Gox" - Facebook (Feb 27, 2024)
- ↑ 3.0 3.1 3.2 3.3 Bitcurex - "Due to the irregularities, we have temporarily suspended the website for verification purposes. After its completion, we will provide you with appropriate information." - Facebook (Accessed Mar 27, 2024)
- ↑ Bitcurex - "Due to an error and ongoing maintenance works, we decided to temporarily shut down our service. Further information coming soon." - Facebook (Accessed Feb 27, 2024)
- ↑ 5.0 5.1 Bitcurex - "Work is underway to restore the operation of the website. At the same time, we would like to inform you that your funds are safe - the website has been disabled as part of security procedures. We will provide you with further, more detailed information in the near future." - Facebook (Accessed Feb 27, 2024)
- ↑ 6.0 6.1 6.2 6.3 6.4 Bitcurex Issues-Up Statement Hack Attempt That Halted Trading - NewsBTC (May 8, 2022)
- ↑ 7.0 7.1 Bitcurex - "We are working on resuming our service. We would like to inform you that your funds are secure - current shutdown results from safety procedures. We will soon provide you with further, more detailed information." - Facebook (Accessed Feb 27, 2024)
- ↑ Polish Bitcoin Exchange Bitcurex Targeted by Hacking Attack - CoinDesk (Accessed Mar 12, 2024)
- ↑ 9.0 9.1 Bitcurex - "We managed to thwart a hacker attack on the Bitcurex website, preventing the mass theft of our users' BTC funds. Thanks to automatic security procedures, the hackers managed to embezzle only part of the funds stored on the operational Bitcurex Hot Wallet." - Facebook (Accessed Feb 27, 2024)
- ↑ [Daily Discussion] Sunday, March 16, 2014 - Reddit (Accessed Mar 13, 2024)
- ↑ 11.0 11.1 Bitcurex - "We successfully blocked a hacking attack on Bitcurex, preventing mass theft of BTC funds of our users. Thanks to automatic safety procedures, hackers managed to defraud only a portion of the funds stored in operational Hot Wallet Bitcurex. The majority of funds from Hot Wallet, as well the entirety of funds from Cold Wallet and FIAT monetary funds remained intact." - Facebook (Accessed Feb 27, 2024)
- ↑ Bitcurex - "IT works are almost completed. Internal tests of the modified system are planned today in the evening, after which a final external audit will be carried out. After its positive completion, we will publish a message in which we will provide you with the exact launch date of the website and all necessary details. Thank you once again for your patience and trust - it means a lot to our entire team." - Facebook (Accessed Feb 27, 2024)
- ↑ Bitcurex - "IT work on our service is almost completed. Internal testing of our modified system is scheduled for this evening, then the final external audit will be conducted. As soon as the audit has finished successfully, we will post an announcement with the exact date of resuming our service and all the necessary details. Thank you once again for your patience and trust - it means a lot to our entire team." - Facebook (Accessed Feb 27, 2024)
- ↑ 14.0 14.1 14.2 BREAKING: As Promised, Bitcurex Resumes Operations on Tuesday - CCN (Accessed Mar 12, 2024)
- ↑ 15.0 15.1 15.2 15.3 15.4 15.5 15.6 Shutdown of Bitcoin Exchange Bitcurex Under Investigation by Polish Prosecutor - CCN (Accessed Mar 13, 2023)
- ↑ 16.0 16.1 Bitcoin, BlockChain and Breaches - Cyber Defense Magazine (Accessed Mar 12, 2024)
- ↑ Bitcurex - "IT works are almost completed. Internal tests of the modified system are planned today in the evening, after which a final external audit will be carried out. After its positive completion, we will publish a message in which we will provide you with the exact launch date of the website and all necessary details. Thank you once again for your patience and trust - it means a lot to our entire team." - Facebook (Accessed Feb 27, 2024)