Picostocks “Cold Wallet” Hack: Difference between revisions
No edit summary |
(→Immediate Reactions: Further information incorporated into the wiki article.) |
||
| Line 5: | Line 5: | ||
This exchange or platform is based in Marshall Islands, or the incident targeted people primarily in Marshall Islands. | This exchange or platform is based in Marshall Islands, or the incident targeted people primarily in Marshall Islands. | ||
== About | == About PicoStocks == | ||
PicoStocks is a centralized exchange based in Marshall Islands, which was launched on December 24th, 2012<ref name="coinmarketcap" />. | |||
| Line 32: | Line 32: | ||
== The Reality == | == The Reality == | ||
While Picostocks took care to separate their funds into separate cold and hot wallets, which were kept on separate computers<ref name=":0">[https://www.reddit.com/r/Bitcoin/comments/1rrnua/picostocks_hacked_even_cold_wallet_emptied/ Picostocks hacked, even cold wallet emptied - Reddit] (Feb 8, 2023)</ref>, they also kept encrypted backup copies of the private keys<ref name=":0" />. Rather than set up new wallets when changing over their system, they may have kept operating using their existing wallets. | |||
This sections is included if a case involved deception or information that was unknown at the time. Examples include: | This sections is included if a case involved deception or information that was unknown at the time. Examples include: | ||
| Line 40: | Line 42: | ||
== What Happened == | == What Happened == | ||
Picostocks has speculated that the private keys of the wallet may have been copied in the past and subsequently decrypted<ref name=":0" />. | |||
The specific events of the loss and how it came about. What actually happened to cause the loss and some of the events leading up to it. | The specific events of the loss and how it came about. What actually happened to cause the loss and some of the events leading up to it. | ||
{| class="wikitable" | {| class="wikitable" | ||
|+Key Event Timeline - | |+Key Event Timeline - PicoStocks “Cold Wallet” Hack | ||
!Date | !Date | ||
!Event | !Event | ||
| Line 52: | Line 56: | ||
|- | |- | ||
|November 1st, 2013 12:00:22 AM | |November 1st, 2013 12:00:22 AM | ||
| | |Breach Event | ||
|The breach occured<ref name="kylegibson" /><ref name="bitcointalklist" /><ref name="bitcoinexchangeguide" />. | |The breach occured<ref name="kylegibson" /><ref name="bitcointalklist" /><ref name="bitcoinexchangeguide" />. | ||
|- | |- | ||
| | | | ||
| | |Reddit Post | ||
| | |Picostocks posts on the Bitcoin subreddit to announce the situation which happened<ref name=":0" />. | ||
|- | |- | ||
| | | | ||
| Line 65: | Line 69: | ||
== Total Amount Lost == | == Total Amount Lost == | ||
Funds were removed from both the hot wallet and cold wallet of PicoStocks. | |||
The hot wallet had BTC<ref>[http://blockchain.info/address/1NzM1bdTKuK9z3pQUCc1raXPezYUenSNWj Picostocks Hot Wallet - Blockchain.info] (Feb 8, 2023)</ref>. | |||
The cold wallet had BTC<ref>[https://blockchain.info/address/12RAM7r4EraZ5ESU5QJwe8sS3gj3YYEgpF Picostocks Cold Wallet - Blockchain.info] (Feb 8, 2023)</ref>. | |||
The loss amount was estimated at $6,000,000 by Reddit user Godfreee<ref>[https://www.reddit.com/r/Bitcoin/comments/1rrnua/comment/cdq6gzl/ Reddit User Godfreee's estimate - Reddit] (Feb 8, 2023)</ref>. | |||
The total amount lost is unknown. | The total amount lost is unknown. | ||
| Line 70: | Line 82: | ||
== Immediate Reactions == | == Immediate Reactions == | ||
PicoStocks posted an announcement about what happened in the bitcoin subreddit<ref name=":0" />.<blockquote>PicoStocks is down for a while and will remain like this for sure over the weekend. Funds from our hot wallet and cold wallet account have been stolen. | |||
There is no sign of an intrusion into the systems. Both wallets were located on different computers. We suspect that these have been copied by people who had access to the system in the past and decrypted. | |||
This is of course a serious loss for the company, but we expect no losses for the users. the funds collected on user account will be returned. We will have to create a new hot wallet and we will change all PicoStocks addresses for all users, but the rest will remain as it was. We will open the system when we have positively reviewed the security and collected the funds for the users :-( Maybe in 1 week from now :-(</blockquote>Multiple users heavily criticized Picostocks for operating their cold wallet on a networked computer<ref>[https://www.reddit.com/r/Bitcoin/comments/1rrnua/comment/cdq6aan/ servowire Comment - Reddit] (Feb 8, 2023)</ref><ref>[https://www.reddit.com/r/Bitcoin/comments/1rrnua/comment/cdq81rr/ thekiwi99 Comment - Reddit] (Feb 8, 2023)</ref>, but there is no indication that this was the way the wallet had operated. The response with the most upvotes on Reddit concluded that the Picostocks platform either deserved their loss or was attempting a scam<ref>[https://www.reddit.com/r/Bitcoin/comments/1rrnua/comment/cdq680f/ riplin Comment - Reddit] (Feb 8, 2023)</ref>. | |||
How did the various parties involved (firm, platform, management, and/or affected individual(s)) deal with the events? Were services shut down? Were announcements made? Were groups formed? | How did the various parties involved (firm, platform, management, and/or affected individual(s)) deal with the events? Were services shut down? Were announcements made? Were groups formed? | ||
== Ultimate Outcome == | == Ultimate Outcome == | ||
PicoStocks promised a timeline of 1 week to relaunch their platform. | |||
PicoStocks appears to still be operating as of February 8th, 2023<ref name="coinmarketcap" />. | |||
| Line 79: | Line 100: | ||
== Total Amount Recovered == | == Total Amount Recovered == | ||
Picostocks promised users that they would return all "the funds collected on user account"<ref name=":0" />. | |||
It is unknown how much was recovered. | It is unknown how much was recovered. | ||
| Line 87: | Line 110: | ||
== Prevention Policies == | == Prevention Policies == | ||
This situation could have been most effectively prevented by the use of a multi-signature wallet, rather than a single private key. In such a setup, the cold storage wallet would have required approvals from multiple team members to initiate a withdrawal. This, combined with a reasonable level of training for key holders, would have effectively prevented an attacker from obtaining enough private keys to perform a transfer. | |||
== References == | == References == | ||
Revision as of 11:44, 8 February 2023
Notice: This page is a freshly imported case study from the original repository. The original content was in a different format, and may not have relevant information for all sections. Please help restructure the content by moving information from the 'About' section to other sections, and add any missing information or sources you can find. If you are new here, please read General Tutorial on Wikis or Anatomy of a Case Study for help getting started.
Amazingly, this service (not quite an exchange but more a tool to invest in ICOs) is still operating despite this hack back in 2012. The obvious problem at the time is that their cold wallets weren’t actually cold wallets and were definitely not secure storage.
This exchange or platform is based in Marshall Islands, or the incident targeted people primarily in Marshall Islands.
About PicoStocks
PicoStocks is a centralized exchange based in Marshall Islands, which was launched on December 24th, 2012[1].
"There is no sign of an intrusion into the systems. Both wallets were located on different computers. We suspect that these have been copied by people who had access to the system in the past and decrypted."
This exchange or platform is based in Marshall Islands, or the incident targeted people primarily in Marshall Islands.
The background of the exchange platform, service, or individuals involved, as it would have been seen or understood at the time of the events.
Include:
- Known history of when and how the service was started.
- What problems does the company or service claim to solve?
- What marketing materials were used by the firm or business?
- Audits performed, and excerpts that may have been included.
- Business registration documents shown (fake or legitimate).
- How were people recruited to participate?
- Public warnings and announcements prior to the event.
Don't Include:
- Any wording which directly states or implies that the business is/was illegitimate, or that a vulnerability existed.
- Anything that wasn't reasonably knowable at the time of the event.
There could be more than one section here. If the same platform is involved with multiple incidents, then it can be linked to a main article page.
The Reality
While Picostocks took care to separate their funds into separate cold and hot wallets, which were kept on separate computers[2], they also kept encrypted backup copies of the private keys[2]. Rather than set up new wallets when changing over their system, they may have kept operating using their existing wallets.
This sections is included if a case involved deception or information that was unknown at the time. Examples include:
- When the service was actually started (if different than the "official story").
- Who actually ran a service and their own personal history.
- How the service was structured behind the scenes. (For example, there was no "trading bot".)
- Details of what audits reported and how vulnerabilities were missed during auditing.
What Happened
Picostocks has speculated that the private keys of the wallet may have been copied in the past and subsequently decrypted[2].
The specific events of the loss and how it came about. What actually happened to cause the loss and some of the events leading up to it.
| Date | Event | Description |
|---|---|---|
| December 24th, 2012 | Picostocks Launches | The centralized exchange service Picostocks launches, based in the Marshall Islands[1]. |
| November 1st, 2013 12:00:22 AM | Breach Event | The breach occured[3][4][5]. |
| Reddit Post | Picostocks posts on the Bitcoin subreddit to announce the situation which happened[2]. | |
Total Amount Lost
Funds were removed from both the hot wallet and cold wallet of PicoStocks.
The hot wallet had BTC[6].
The cold wallet had BTC[7].
The loss amount was estimated at $6,000,000 by Reddit user Godfreee[8].
The total amount lost is unknown.
How much was lost and how was it calculated? If there are conflicting reports, which are accurate and where does the discrepancy lie?
Immediate Reactions
PicoStocks posted an announcement about what happened in the bitcoin subreddit[2].
PicoStocks is down for a while and will remain like this for sure over the weekend. Funds from our hot wallet and cold wallet account have been stolen.
There is no sign of an intrusion into the systems. Both wallets were located on different computers. We suspect that these have been copied by people who had access to the system in the past and decrypted.
This is of course a serious loss for the company, but we expect no losses for the users. the funds collected on user account will be returned. We will have to create a new hot wallet and we will change all PicoStocks addresses for all users, but the rest will remain as it was. We will open the system when we have positively reviewed the security and collected the funds for the users :-( Maybe in 1 week from now :-(
Multiple users heavily criticized Picostocks for operating their cold wallet on a networked computer[9][10], but there is no indication that this was the way the wallet had operated. The response with the most upvotes on Reddit concluded that the Picostocks platform either deserved their loss or was attempting a scam[11].
How did the various parties involved (firm, platform, management, and/or affected individual(s)) deal with the events? Were services shut down? Were announcements made? Were groups formed?
Ultimate Outcome
PicoStocks promised a timeline of 1 week to relaunch their platform.
PicoStocks appears to still be operating as of February 8th, 2023[1].
What was the end result? Was any investigation done? Were any individuals prosecuted? Was there a lawsuit? Was any tracing done?
Total Amount Recovered
Picostocks promised users that they would return all "the funds collected on user account"[2].
It is unknown how much was recovered.
What funds were recovered? What funds were reimbursed for those affected users?
Ongoing Developments
What parts of this case are still remaining to be concluded?
Prevention Policies
This situation could have been most effectively prevented by the use of a multi-signature wallet, rather than a single private key. In such a setup, the cold storage wallet would have required approvals from multiple team members to initiate a withdrawal. This, combined with a reasonable level of training for key holders, would have effectively prevented an attacker from obtaining enough private keys to perform a transfer.
References
- ↑ 1.0 1.1 1.2 Picostocks Trading Volume - CoinMarketCap (Feb 8, 2023)
- ↑ 2.0 2.1 2.2 2.3 2.4 2.5 Picostocks hacked, even cold wallet emptied - Reddit (Feb 8, 2023)
- ↑ 100 Crypto Thefts: A Timeline of Hacks, Glitches, Exit Scams, and other Lost Cryptocurrency Incidents (Jan 24)
- ↑ List of Major Bitcoin Heists, Thefts, Hacks, Scams, and Losses (Feb 14)
- ↑ Bitcoin Scams and Cryptocurrency Hacks List - BitcoinExchangeGuide.com (Mar 4)
- ↑ Picostocks Hot Wallet - Blockchain.info (Feb 8, 2023)
- ↑ Picostocks Cold Wallet - Blockchain.info (Feb 8, 2023)
- ↑ Reddit User Godfreee's estimate - Reddit (Feb 8, 2023)
- ↑ servowire Comment - Reddit (Feb 8, 2023)
- ↑ thekiwi99 Comment - Reddit (Feb 8, 2023)
- ↑ riplin Comment - Reddit (Feb 8, 2023)