Kronos.io Pre-Launch Bitcoin Heist: Difference between revisions

From Quadriga Initiative Cryptocurrency Hacks, Scams, and Frauds Repository
Jump to navigation Jump to search
(COMPLETE 30 minutes. Integrated information from Internet Archive. Extensive search of Google for more sources. Integrated information from Reddit interview with Jonathan Ryan Owens. Integration of information from the interview about Kronos and improved the source. More information integrated from Vitalik Buterin article in the Bitcoin Magazine. Integrated information from a post by Ichthyo at the time of the proposed exchange platform launch. Integrated information from a large number of other)
m (Azoundria moved page Kronos Hack to Kronos.io Pre-Launch Bitcoin Heist: More descriptive title.)
(No difference)

Revision as of 16:16, 18 September 2024

Notice: This page is a new case study and some aspects have not been fully researched. Some sections may be incomplete or reflect inaccuracies present in initial sources. Please check the References at the bottom for further information and perform your own additional assessment. Please feel free to contribute by adding any missing information or sources you come across. If you are new here, please read General Tutorial on Wikis or Anatomy of a Case Study for help getting started.

Notice: This page contains sources which are not attributed to any text. The unattributed sources follow the initial description. Please assist by visiting each source, reviewing the content, and placing that reference next to any text it can be used to support. Feel free to add any information that you come across which isn't present already. Sources which don't contain any relevant information can be removed. Broken links can be replaced with versions from the Internet Archive. See General Tutorial on Wikis, Anatomy of a Case Study, and/or Citing Your Sources Guide for additional information. Thanks for your help!

Kronos.io was an Italian cryptocurrency exchange. It looks like one of the developers deliberately made the withdrawal wallets hackable so that they could withdraw the entirety of the funds. The rest of the team had incredibly weak or no insight into security.

[1][2][3][4]

About Kronos.io

Kronos.io was a margin trading platform founded by Jonathan Ryan Owens[4], who at the time had recently founded other projects including Ringcoin and Zipconf[4].

"Kronos.io [was] a Bitcoinica-esque startup" "Kronos.io hired several well-known Bitcoin personalities to do work with HTML and coding."

The margin trading platform was ultimately never completed and launched for the public[5].

GLBSE Funding Round

Kronos.is applied for funding on the GLBSE. A description of the project is as follows[6]:

Kronos is Bitcoinica on steroids - a leveraged trade platform built with security and urgency in mind. Kronos does not handle USD and leverages ZipConf for immediate deposits and GoxBTC withdrawals. That is, instead of waiting ~2h to be credited with BTC you deposit, you’ll be credited in 10-15 seconds. ZipConf has been extensively tested, and were a double-spend to successfully be executed, ZipConf is insuring the loss, so it wouldn’t affect Kronos. While it only uses BTC, you are still able to open positions shorting and going long with BTC due to the infrastructure behind Kronos.

The Reality

"One of the[ hired individuals] was Alberto Armandi, who was related to Bitscalper, a scam earlier that year."

What Happened

"Kronos.io was hacked in an event shrouded in mystery even today. Led by Jonathon Ryan Owens, who was simultaneously running other new startups on GLBSE (an upstart Bitcoin “stock exchange”)"

Key Event Timeline - Kronos Hack
Date Event Description
May 14th, 2012 7:45:58 PM MDT Kronos Website Sign Up Page The Kronos website is captured by the Internet Archive[7]. The exchange simply has a Sign Up text and a log in form. From the Internet Archive, it appears that the Sign Up link may not even be functional[7].
May 2012 Alberto and Jonathon Meet "Now, fast forward to around April/May 2012 : I happened to get in touch with Jonathan Ryan Owens, who since the start of our relationship pictured himself as a sort of "Mr. Big" in the Bitcoin world and shown to be able to use language fluenty, and to be able to convince anybody that he's actually skilled and a serious business man."
May 21st, 2012 4:16:15 PM MDT Initial Thread On BitcoinTalk This is the first time a thread is found on BitcoinTalk which discusses the anticipated kronos.io launch[8]. There are some questions about the security and team of the new project, and the relationship to RingCoin.
May 23rd, 2012 10:17:59 PM MDT Kronos.io BitcoinTalk Account Set Up The Kronos.io BitcoinTalk account is first set up on the BitcoinTalk forums. This account would later be sometimes used to provide support to Kronos users[9].
May 24th, 2012 7:20:18 AM MDT First Impressions BitcoinTalk Thread A thread is started on BitcoinTalk by the user tbcoin, who was given beta access to the Kronos.io platform. They find multiple bugs on the platform, however the support is ultimately able to restore and return their funds during the testing phase[10].
May 24th, 2012 12:40:29 PM MDT Invite Codes By Lottery Only A user posts on BitcoinTalk to try to request an invite code, and is told that there's a limited opportunity to get them and they are being distributed on a lottery basis[11].
May 26th, 2012 8:26:27 PM MDT Mt. Gox USD Voucher Redemption User chsados notes that they attempted to deposit a $15 USD code from Mt. Gox on the Kronos website, which is apparently live and functional. Unfortunately, their code is used and they are not credited with the $15 USD, however the Kronos support team provides them with a $15 reimbursement[12].
May 27th, 2012 6:17:08 PM MDT Kronos Bonds Public Offering A thread on BitcoinTalk announces a public offering of shares issued by one of the Kronos investors (with username Kluge)[6]. These will pay out a small yield based on the profitability of the Kronos platform once it launches. The publis offering is scheduled for June 15th[6].
May 28th, 2012 9:03:30 PM MDT BitcoinTalk Post By Ichthyo A post is made by BitcoinTalk user Ichthyo seeking detailed information about Kronos.io, which is currently in alpha/beta testing[13]. Ichthyo acknowledges that the site hasn't officially launched yet and that more precise details will emerge soon. They note that Kronos.io is expected to offer better security than Bitcoinica but are more concerned about understanding its financial structure and business model. They ask a number of questions around liquidity, position backing, risk management, trade execution, exchange rates, margin calculations, and dynamic adjustments[13].
May 29th, 2012 1:46:39 PM MDT Open Beta Period Closed The website reportedly closes the open beta period, and all beta accounts will be closed. "We're moving into phase two of our launch plan, which is a security hardening phase. We'll be going incognito for the rest of our development timeline so we can move to dedicated hardware, initiate penetration testing, and complete our comprehensive security audit."[14]
May 30th, 2012 12:05:18 PM MDT Kronos Bonds Fall Through A thread mentions that the issuance of the Kronos bond on the GLBSE has fallen through and is no longer allowed[15]. There is some optimism of sorting out the issues with GLBSE, however the thread also discusses alternative methods of raising funds which Kluge intends to employ, including launching his own fundraising platform[15].
May 31st, 2012 7:20:44 PM MDT Interview Shared On Reddit An interview with Jonathan Ryan Owens, the founder of Kronos.io, is conducted and posted on Reddit[16].
June 6th, 2012 7:14:52 PM MDT Ellet Plug-In Integration A thread suggests that the Ellet, a new hardware wallet device, may feature a plug-in for kronos.io trading[17].
June 14th, 2012 12:36:26 PM MDT Kronos Website Redirect Capture The Kronos website is again captured, however in this case it's a redirect (3xx status code). It's unclear what the state of the website was at this point in time[18].
June 15th, 2012 10:01:18 PM MDT Armando Makes Announcement A BitcoinTalk thread is posted apparently by Armando, "Kronos.io Lead Developer & co-founder". In this thread, he announces the launch of the platform shortly[19].
June 20th, 2012 6:04:16 PM MDT Armando Announces BitDayTrade Armando announces a new project named BitDayTrade, which is reportedly going to be similar to Bitcoinica. This suggests that, at this point, he may have transitioned away from the Kronos project[20].
July 3rd, 2012 6:37:23 AM MDT Follow Up Post On Update Thread BitcoinTalk user hazek posts an reply on the Kronos development thread asking for an update, as it's been a month since there has been any news about the platform[21].
August 4th, 2012 11:33:47 PM MDT Alberta Not Associated It is noted that "Bitdaytrade is Alberto's project, he used to do development work for kronos' group but he's no longer associated with them"[22].
August 8th, 2012 2:24:30 PM MDT Website Not Loading For Over A Month The kronos.io website has reportedly not been loading for over a month at this point. Other users corroborate that they have been similarly unable to access the website[23].
August 16th, 2012 6:18:45 PM MDT Alberto Response Post Alberto posts his personal details and story accusing Jonathan Ryan Owens of using a small hack to justify the theft of the remaining bitcoins[24].
August 28th, 2012 3:34:50 AM MDT hazek Mention Of Events In a forum response, BitcoinTalk user hazek mentions a summary of what happened - "AFAIK they went into open beta with some serious security holes that may or may not have been put there intentionally by one of the owners(code writers) which led to a 4kBTC hack right off the bat which was too much damage for them to recover from."[25].
November 22nd, 2012 9:15:22 PM MST Mention By Vitalik Buterin In an article, Vitalik Buterin mentions the kronos.io project, which was never completed. "Since then, there have been a number of disparate efforts to bring margin trading back. Almost as soon as Bitcoinica fell, a company named RingCoin announced Kronos.io, a product which looked like it could be a superior upstart competitor that would not suffer from the security faults of its predecessor. However, kronos.io was never completed, and RingCoin is now defunct."[5]
January 4th, 2013 7:57:39 AM MST Kronos Website Definitely Offline The Kronos website homepage displays a page which states that "It works" and "This is the default web page for this server" because "no content has been added, yet"[26]. It would appear certain that the exchange is offline at this point.
February 1st, 2022 4:50:36 PM MST Kronos.io Login At BitcoinTalk The Kronos.io account logs into BitcoinTalk for the final time[9].

Technical Details

Total Amount Lost

The total amount lost has been estimated at $43,000 USD.

How much was lost and how was it calculated? If there are conflicting reports, which are accurate and where does the discrepancy lie?

Immediate Reactions

"Alberto Armandi reportedly hacked into the website he himself helped code. The vulnerability was in the withdrawal script that Alberto coded, reportedly intentionally as a backdoor. Although incredible, Armandi has also released a story denying he hacked the website. Instead, he blamed the theft on Jonathon Ryan Owens intentionally pocketing the majority of the funds with only 1000 BTC being stolen by an unknown hacker."

Ultimate Outcome

What was the end result? Was any investigation done? Were any individuals prosecuted? Was there a lawsuit? Was any tracing done?

Total Amount Recovered

There do not appear to have been any funds recovered in this case.

What funds were recovered? What funds were reimbursed for those affected users?

Ongoing Developments

What parts of this case are still remaining to be concluded?

General Prevention Policies

The storage of all cryptocurrency in a proper offline multi-signature wallet prevents theft by any individual party, since such a party would need the approval or breach of multiple other members of the team to spend the funds. Given operators properly educated in the protection of funds, such an attack would be entirely limited to the balance in the hot wallets in the worst case. Stronger education for exchange operators can also help ensure that they are aware of the risks.

Individual Prevention Policies

No specific policies for individual prevention have yet been identified in this case.

For the full list of how to protect your funds as an individual, check our Prevention Policies for Individuals guide.

Platform Prevention Policies

Policies for platforms to take to prevent this situation have not yet been selected in this case.

For the full list of how to protect your funds as a financial service, check our Prevention Policies for Platforms guide.

Regulatory Prevention Policies

No specific regulatory policies have yet been identified in this case.

For the full list of regulatory policies that can prevent loss, check our Prevention Policies for Regulators guide.

References

  1. List of Major Bitcoin Heists, Thefts, Hacks, Scams, and Losses [Old] - BitcoinTalk (Accessed Jan 28, 2020)
  2. Jonathan Ryan Owens locked Rebate, Zip.A, Alberto & BDT thread - BitcoinTalk (Accessed Feb 15, 2020)
  3. List of Major Bitcoin Heists, Thefts, Hacks, Scams, and Losses - BitcoinTalk (Accessed Feb 15, 2020)
  4. 4.0 4.1 4.2 An Interview with Jonathan Ryan Owens of Kronos.io, Hermes and Ringcoin. - Atlas & Bitcoin Archive June 3rd, 2012 5:11:25 PM MDT (Accessed Sep 3, 2024)
  5. 5.0 5.1 BitFinex: Bitcoinica Rises from the Grave - Bitcoin Magazine (Accessed Sep 17, 2024)
  6. 6.0 6.1 6.2 [GLBSE] Kronos Floating Bond, IPO on June 15th - BitcoinTalk (Accessed Sep 17, 2024)
  7. 7.0 7.1 Kronos Homepage Archive May 14th, 2012 7:45:58 PM MDT (Accessed Sep 17, 2024)
  8. www.kronos.io - "bitcoinica" replacement? - BitcoinTalk (Accessed Sep 17, 2024)
  9. 9.0 9.1 Summary - Kronos.io - BitcoinTalk (Accessed Sep 17, 2024)
  10. First impressions-Kronos.io - BitcoinTalk (Accessed Sep 17, 2024)
  11. kronos.io invite code please? - BitcoinTalk (Accessed Sep 17, 2024)
  12. Kronos.io deposit problem! - BitcoinTalk (Accessed Sep 17, 2024)
  13. 13.0 13.1 Kronos.io questions and properties - BitcoinTalk (Accessed Sep 17, 2024)
  14. Kronos Development Update - BitcoinTalk (Accessed Sep 17, 2024)
  15. 15.0 15.1 BDK, BDK.BND, REBATE, Zip.A, Kronos.BND, Hermes Update Thread - BitcoinTalk (Accessed Sep 17, 2024)
  16. An Interview with Jonathan Ryan Owens of Kronos.io, Hermes and Ringcoin. - Reddit (Accessed Sep 17, 2024)
  17. [ANN] The world's first handheld Bitcoin device, the Ellet! - BitcoinTalk (Accessed Sep 17, 2024)
  18. Kronos Homepage Captures - Internet Archive (Accessed Sep 17, 2024)
  19. Coming soon - Gold and commodities trading with bitcoin - BitcoinTalk (Accessed Sep 17, 2024)
  20. https://bitdaytrade.com Bitcoin Gold & Commodities margin trading - BitcoinTalk (Accessed Sep 17, 2024)
  21. hazek - "It's a month later, do you guys have any news?" - BitcoinTalk (Accessed Sep 17, 2024)
  22. Meni Rosenfeld - "Bitdaytrade is Alberto's project, he used to do development work for kronos' group but he's no longer associated with them." - BitcoinTalk (Accessed Sep 17, 2024)
  23. AsymmetricInformation - "For the past month or so, kronos.io website has not loaded for me at all (just times out)." - BitcoinTalk (Accessed Sep 17, 2024)
  24. bitdaytrade - "My name is Alberto Armandi, i was born in Italy, 19/09/1983. I'm an internet entrepreneur who got caught in the Bitcoin phenomena about one and a half year ago." - BitcoinTalk (Accessed Sep 3rd, 2024)
  25. hazek - "AFAIK they went into open beta with some serious security holes that may or may not have been put there intentionally by one of the owners(code writers) which led to a 4kBTC hack right off the bat which was too much damage for them to recover from." - BitcoinTalk (Accessed Feb 15, 2020)
  26. Kronos Homepage Archive January 4th, 2013 7:57:39 AM MST (Accessed Sep 17, 2024)
Retrieved from "https://quadrigainitiative.com/cryptocurrencyhackscamfraudwiki/index.php?title=Kronos.io_Pre-Launch_Bitcoin_Heist&oldid=6122"