Picostocks “Cold Wallet” Hack: Difference between revisions
(→What Happened: total amount lost and other items massively improved.) |
(→Total Amount Lost: calculations completed.) |
||
| Line 76: | Line 76: | ||
The loss amount was reportedly as 5,896.23098163<ref name="bitcointalklist" /> BTC (some sources rounded this to 5,895 BTC<ref name="kylegibson" />), with an estimated value of either $6,000,000 USD<ref name="kylegibson" /><ref>[https://www.reddit.com/r/Bitcoin/comments/1rrnua/comment/cdq6gzl/ Reddit User Godfreee's estimate - Reddit] (Feb 8, 2023)</ref> or $3,009,397 USD<ref name="bitcointalklist" />. | The loss amount was reportedly as 5,896.23098163<ref name="bitcointalklist" /> BTC (some sources rounded this to 5,895 BTC<ref name="kylegibson" />), with an estimated value of either $6,000,000 USD<ref name="kylegibson" /><ref>[https://www.reddit.com/r/Bitcoin/comments/1rrnua/comment/cdq6gzl/ Reddit User Godfreee's estimate - Reddit] (Feb 8, 2023)</ref> or $3,009,397 USD<ref name="bitcointalklist" />. | ||
Funds were removed from both the hot wallet and cold wallet of PicoStocks<ref name=":0" /><ref name="bitcoinexchangeguide" /><ref name="bitcointalklist" />. According to blockchain data, the hot wallet had 685.57933572 BTC<ref>[http://blockchain.info/address/1NzM1bdTKuK9z3pQUCc1raXPezYUenSNWj Picostocks Hot Wallet - Blockchain.info] (Feb 8, 2023)</ref><ref name=":3" /> and the cold wallet had 5210.65104591 BTC<ref>[https://blockchain.info/address/12RAM7r4EraZ5ESU5QJwe8sS3gj3YYEgpF Picostocks Cold Wallet - Blockchain.info] (Feb 8, 2023)</ref><ref name=":2" />. This maintains a total of 5896.23038163 BTC. Using the | Funds were removed from both the hot wallet and cold wallet of PicoStocks<ref name=":0" /><ref name="bitcoinexchangeguide" /><ref name="bitcointalklist" />. According to blockchain data, the hot wallet had 685.57933572 BTC<ref>[http://blockchain.info/address/1NzM1bdTKuK9z3pQUCc1raXPezYUenSNWj Picostocks Hot Wallet - Blockchain.info] (Feb 8, 2023)</ref><ref name=":3" /> and the cold wallet had 5210.65104591 BTC<ref>[https://blockchain.info/address/12RAM7r4EraZ5ESU5QJwe8sS3gj3YYEgpF Picostocks Cold Wallet - Blockchain.info] (Feb 8, 2023)</ref><ref name=":2" />. This maintains a total of 5896.23038163 BTC. Using the bitcoin market price for November 29th, 2013 of $1,037.76 USD from BuyBitcoinWorldWide<ref>[https://buybitcoinworldwide.com/price/ BuyBitcoinWorldWide Price] (Feb 8, 2023)</ref>, this gives a total value of $5,407,405.23 USD. | ||
== Immediate Reactions == | == Immediate Reactions == | ||
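Review bot: the added figure of $5,407,405.23 USD at the end of the changed paragraph does not match the total it is attached to. 5210.65104591 × 1,037.76 comes to 5,407,405.23, so the value covers the cold wallet alone, while the stated total of 5896.23038163 BTC at the same price is roughly $6,118,872. Either use the full total or say the figure is for the cold wallet only. The computed total 5896.23038163 also differs from the reported 5,896.23098163 in the paragraph above by 0.0006 BTC, which deserves a sentence on which figure is the on-chain one. "This maintains a total" would read better as "This gives a total".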
Revision as of 12:40, 8 February 2023
Amazingly, this service (not quite an exchange but more a tool to invest in ICOs) is still operating despite this hack back in 2012. The obvious problem at the time is that their cold wallets weren’t actually cold wallets and were definitely not secure storage.
This exchange or platform is based in the Marshall Islands, or the incident targeted people primarily in the Marshall Islands.
About PicoStocks
PicoStocks is a centralized exchange based in the Marshall Islands, which was launched on December 24th, 2012[1]. It reportedly used novel means for circumventing legal regulation[2] and was run by the BitcoinTalk user "tytus"[3][2].
The Reality
While Picostocks took care to separate their funds into separate cold and hot wallets, which were kept on separate computers[4], they also kept encrypted backup copies of the private keys[4] and kept operating with those same wallets.
What Happened
PicoStocks has speculated that the private keys of the wallet may have been copied in the past and subsequently decrypted[4]. The culprit then used this access to the keys to steal funds from both wallets[2].
| Date | Event | Description |
|---|---|---|
| December 24th, 2012 | PicoStocks Launches | The centralized exchange service PicoStocks launches, based in the Marshall Islands[1]. |
| November 29th, 2013 10:00:41 AM | Cold Wallet Breached | The breach is reported to have occurred on November 29th, 2013[5][2][6]. The first blockchain transaction shows a timestamp of 10:00:41 AM[7][2]. |
| November 29th, 2013 10:11:59 AM | Hot Wallet Breached | A second blockchain transaction in the following block empties what is believed to be the hot wallet[8][2]. |
| | Reddit Post | PicoStocks posts on the Bitcoin subreddit to announce the situation which happened[4]. |
| November 29th, 2013 6:18:45 PM | BitcoinTalk Post | BitcoinTalk user "tytus", suspected to be the founder of PicoStocks, posts the same announcement on the BitcoinTalk forum[3]. |
| February 15th, 2014 5:06:57 AM | Hot Wallet Funds Move | The funds originally breached from the hot storage wallet started to move on the blockchain[9]. |
| February 17th, 2014 6:03:47 AM | Cold Wallet Funds Move | The funds originally breached from the cold storage wallet started to move on the blockchain[10]. |
Total Amount Lost
The loss amount was reportedly 5,896.23098163[2] BTC (some sources rounded this to 5,895 BTC[5]), with an estimated value of either $6,000,000 USD[5][11] or $3,009,397 USD[2].
Funds were removed from both the hot wallet and cold wallet of PicoStocks[4][6][2]. According to blockchain data, the hot wallet had 685.57933572 BTC[12][8] and the cold wallet had 5210.65104591 BTC[13][7]. This gives a total of 5896.23038163 BTC. Using the bitcoin market price for November 29th, 2013 of $1,037.76 USD from BuyBitcoinWorldWide[14], this gives a total value of $5,407,405.23 USD.
Immediate Reactions
PicoStocks posted an announcement about what happened in the bitcoin subreddit[4].
PicoStocks is down for a while and will remain like this for sure over the weekend. Funds from our hot wallet and cold wallet account have been stolen.
There is no sign of an intrusion into the systems. Both wallets were located on different computers. We suspect that these have been copied by people who had access to the system in the past and decrypted.
This is of course a serious loss for the company, but we expect no losses for the users. The funds collected on user account will be returned. We will have to create a new hot wallet and we will change all PicoStocks addresses for all users, but the rest will remain as it was. We will open the system when we have positively reviewed the security and collected the funds for the users :-( Maybe in 1 week from now :-(
Multiple users heavily criticized PicoStocks for operating their cold wallet on a networked computer[15][16], but there is no indication that this was the way the wallet had operated. The response with the most upvotes on Reddit concluded that the PicoStocks platform either deserved their loss or was attempting a scam[17].
Ultimate Outcome
PicoStocks promised a timeline of 1 week to relaunch their platform[4] and reportedly completely covered all losses[2].
The attacker appears to have kept the breached funds in the same wallet location for the subsequent 3 months before finally starting to move those funds[9][10].
PicoStocks appears to still be operating as of February 8th, 2023[1].
Total Amount Recovered
PicoStocks promised users that they would return all "the funds collected on user account"[4] and reportedly followed through on this[2].
It is unknown how much was recovered.
Prevention Policies
This situation could have been most effectively prevented by the use of a multi-signature wallet, rather than a single private key. In such a setup, the cold storage wallet would have required approvals from multiple team members to initiate a withdrawal. This, combined with a reasonable level of training for key holders, would have effectively prevented an attacker from obtaining enough private keys to perform a transfer.
References
- [1] Picostocks Trading Volume - CoinMarketCap (Feb 8, 2023)
- [2] List of Major Bitcoin Heists, Thefts, Hacks, Scams, and Losses (Feb 14)
- [3] Quote of Original Announcement on BitcoinTalk (Feb 8, 2023)
- [4] Picostocks hacked, even cold wallet emptied - Reddit (Feb 8, 2023)
- [5] 100 Crypto Thefts: A Timeline of Hacks, Glitches, Exit Scams, and other Lost Cryptocurrency Incidents (Jan 24)
- [6] Bitcoin Scams and Cryptocurrency Hacks List - BitcoinExchangeGuide.com (Mar 4)
- [7] Cold Wallet Breach Transaction - Blockchain.info (Feb 8, 2023)
- [8] Hot Wallet Breach Transaction - Blockchain.info (Feb 8, 2023)
- [9] Hot Wallet Funds Start To Move - Blockchain.info (Feb 8, 2023)
- [10] Subsequent Movement of Cold Wallet Funds - Blockchain.info (Feb 8, 2023)
- [11] Reddit User Godfreee's estimate - Reddit (Feb 8, 2023)
- [12] Picostocks Hot Wallet - Blockchain.info (Feb 8, 2023)
- [13] Picostocks Cold Wallet - Blockchain.info (Feb 8, 2023)
- [14] BuyBitcoinWorldWide Price (Feb 8, 2023)
- [15] servowire Comment - Reddit (Feb 8, 2023)
- [16] thekiwi99 Comment - Reddit (Feb 8, 2023)
- [17] riplin Comment - Reddit (Feb 8, 2023)