CryptoRush Hack: Difference between revisions

From Quadriga Initiative Cryptocurrency Hacks, Scams, and Frauds Repository
(Another 30 minutes complete. More comprehensive review and integration of Pastebin source, and added proper reference. Rewrote sections of the wiki for greater readability.)
(Another 30 minutes. Integrated more history on the CCN article. Review of CCN article. Filling in some sections without information. Improved summary description.)
Line 19: Line 19:


== The Reality ==
== The Reality ==
Signs of limited experience were visible from the FAQ page of CryptoRush.in itself<ref name=":3">[https://web.archive.org/web/20140302062552/https://cryptorush.in/index.php?p=faq CryptoRush FAQ Page Archive March 1st, 2014 11:25:52 PM MST] (Accessed Mar 1, 2024)</ref>. The FAQ page for Crypto Rush offers valuable information for users encountering various issues while using the platform<ref name=":3" />. It includes common login and activation problems, advising users to use their email address for authentication.  For discrepancies in order fulfillment, users are encouraged to contact support for investigation and can review their transaction history for clarity<ref name=":3" />. Regarding deposit recognition delays, the FAQ explains the process and encourages users to verify deposits on the blockchain while providing a manual update option<ref name=":3" />. Lastly, it explains the trading engine's limitations, such as the trade rate matching and order fulfillment process, while offering guidance on resolving balance discrepancies caused by sync issues<ref name=":3" />.
Using any third party platform involves a high degree of risk. Signs of limited experience were visible from the FAQ page of CryptoRush.in itself<ref name=":3">[https://web.archive.org/web/20140302062552/https://cryptorush.in/index.php?p=faq CryptoRush FAQ Page Archive March 1st, 2014 11:25:52 PM MST] (Accessed Mar 1, 2024)</ref>.


* The FAQ covers issues related to negative balances after placing orders, attributing them to rounding errors and assuring users that they usually resolve automatically within 30 minutes<ref name=":3" />. Negative balances suggest weakness in the platform, which had not been corrected, suggesting the possibility of a vulnerability that could be more serious if repeatedly exploited<ref name=":3" />.
=== Negative Balance Concern ===
* A FAQ entry mentioned that using email addresses was more secure than using usernames. It is not clear how this is the case, since many exploits can start from the user's email address being compromised, and one of the steps in exploiting to recover an account is often obtaining access to recovery points such as the email address. There is likely to be a similar number of breaches of username/password combinations in comparison to email/password combinations for users who reuse passwords. The only case where this could be useful is if the username is publicly visible on the platform itself, and it's not clear whether or not this is the case<ref name=":3">[https://web.archive.org/web/20140302062552/https://cryptorush.in/index.php?p=faq CryptoRush FAQ Page Archive March 1st, 2014 11:25:52 PM MST] (Accessed Mar 1, 2024)</ref>.
For discrepancies in order fulfillment, users are encouraged to contact support for investigation and can review their transaction history for clarity<ref name=":3" />. The FAQ covers issues related to negative balances after placing orders, attributing them to rounding errors and assuring users that they usually resolve automatically within 30 minutes<ref name=":3" />. Negative balances suggest weakness in the platform, which had not been corrected, suggesting the possibility of a vulnerability that could be more serious if repeatedly exploited<ref name=":3" />.
 
=== Email Address Security Theater ===
A FAQ entry mentioned that using email addresses was more secure than using usernames<ref name=":3">[https://web.archive.org/web/20140302062552/https://cryptorush.in/index.php?p=faq CryptoRush FAQ Page Archive March 1st, 2014 11:25:52 PM MST] (Accessed Mar 1, 2024)</ref>. It is not clear how this is the case, since many exploits can start from the user's email address being compromised, and one of the steps in exploiting to recover an account is often obtaining access to recovery points such as the email address. There is likely to be a similar number of breaches of username/password combinations in comparison to email/password combinations for users who reuse passwords. The only case where this could be useful is if the username is publicly visible on the platform itself, giving an attacker knowledge of which username to use, however most exchange platforms do not identify the counterparties to a trade.
 
=== Trade Engine Limitations ===
The FAQ page explains the trading engine's limitations, such as the trade rate matching and order fulfillment process, while offering guidance on resolving balance discrepancies caused by sync issues<ref name=":3" />.
 
=== Each Coin Adds Attack Surface ===
Every coin supported increases the attack surface against a platform, since an issue in one coin could inflate the user's balance and allow them to trade against other coins.
Every coin supported increases the attack surface against a platform, since an issue in one coin could inflate the user's balance and allow them to trade against other coins.
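Review bot: the new text defines `<ref name=":3">` in full twice, once in the opening sentence of "The Reality" and again under "Email Address Security Theater". Define it once and use `<ref name=":3" />` for later uses, as the other sentences in this hunk already do. Separately, the sentence saying negative balances suggest an uncorrected weakness is the wiki's own inference, yet it carries the FAQ reference; attach the ref only to the sentence reporting what the FAQ says.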


Line 44: Line 52:
|Insider Information Leak
|Insider Information Leak
|A CCN article sheds visibility into the lack of funds in the CryptoRush exchange platform<ref name=":0">[https://web.archive.org/web/20190624073719/https://www.ccn.com/cryptorush-support-worker-leaks-inside-info/ CryptoRush support worker leaks inside info - CCN Archive June 24th, 2019 1:37:19 AM MDT] (Accessed Feb 27, 2024)</ref>. A support worker at CryptoRush, named DogeyMcDoge, has leaked inside information regarding the exchange's troubles. This leak sheds light on the challenges faced by CryptoRush in the past month, including two hacking incidents and unorthodox methods to recover losses. Despite attempts to reassure users with solutions like CryptoRushShares, transparency issues persisted, leading to insolvency. DogeyMcDoge's confession has been confirmed by CryptoRush's administrators, who announced an official statement forthcoming. Meanwhile, CryptoRush has appointed a new CEO and promised to reimburse stolen funds. However, doubts linger about the exchange's ability to address its issues effectively<ref name=":0">[https://web.archive.org/web/20190624073719/https://www.ccn.com/cryptorush-support-worker-leaks-inside-info/ CryptoRush support worker leaks inside info - CCN Archive June 24th, 2019 1:37:19 AM MDT] (Accessed Feb 27, 2024)</ref>.
|A CCN article sheds visibility into the lack of funds in the CryptoRush exchange platform<ref name=":0">[https://web.archive.org/web/20190624073719/https://www.ccn.com/cryptorush-support-worker-leaks-inside-info/ CryptoRush support worker leaks inside info - CCN Archive June 24th, 2019 1:37:19 AM MDT] (Accessed Feb 27, 2024)</ref>. A support worker at CryptoRush, named DogeyMcDoge, has leaked inside information regarding the exchange's troubles. This leak sheds light on the challenges faced by CryptoRush in the past month, including two hacking incidents and unorthodox methods to recover losses. Despite attempts to reassure users with solutions like CryptoRushShares, transparency issues persisted, leading to insolvency. DogeyMcDoge's confession has been confirmed by CryptoRush's administrators, who announced an official statement forthcoming. Meanwhile, CryptoRush has appointed a new CEO and promised to reimburse stolen funds. However, doubts linger about the exchange's ability to address its issues effectively<ref name=":0">[https://web.archive.org/web/20190624073719/https://www.ccn.com/cryptorush-support-worker-leaks-inside-info/ CryptoRush support worker leaks inside info - CCN Archive June 24th, 2019 1:37:19 AM MDT] (Accessed Feb 27, 2024)</ref>.
|-
|November 11th, 2020 8:32:40 PM MST
|CCN Article Redirects
|In future captures, the CCN article appears to automatically redirect users to an article about the "PS5 Skeleton Leaks to Peek Inside Sony’s Next-Gen Console"<ref>https://web.archive.org/web/20210308011115/https://www.ccn.com/cryptorush-support-worker-leaks-inside-info (Accessed Mar 8, 2024)</ref><ref>[https://web.archive.org/web/20201112033240/https://www.ccn.com/cryptorush-support-worker-leaks-inside-info CryptoRush support worker leaks inside info - CCN Archive November 11th, 2020 8:32:40 PM MST] (Accessed Mar 8, 2024)</ref>. The article was still online in 2019<ref>[https://web.archive.org/web/20190628080310/https://www.ccn.com/cryptorush-support-worker-leaks-inside-info CryptoRush support worker leaks inside info - CCN Archive June 28th, 2019 2:03:10 AM MDT] (Accessed Mar 8, 2024)</ref>.
|-
|-
|May 9th, 2021 11:22:00 AM MDT
|May 9th, 2021 11:22:00 AM MDT
|PasteBin Information Censored
|PasteBin Information Censored
|The information about this case is removed from the PasteBin site for the content being "potentially harmful"<ref>[https://pastebin.com/eLkPxLWi DogeyMcDoge Pastebin] (Accessed Mar 1, 2024)</ref>.
|The information about this case is removed from the PasteBin site for the content being "potentially harmful"<ref name=":5">[https://pastebin.com/eLkPxLWi DogeyMcDoge Pastebin] (Accessed Mar 1, 2024)</ref>.
|-
|October 26th, 2022 9:28:15 AM MDT
|Further Censorship Redirect Removed
|The CCN article no longer redirects, but instead displays a 404 error that the article does not exist<ref>[https://web.archive.org/web/20221026152815/https://www.ccn.com/cryptorush-support-worker-leaks-inside-info CryptoRush support worker leaks inside info - CCN Archive October 26th, 2022 9:28:15 AM MDT] (Accessed Mar 8, 2024)</ref>.
|}
|}
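Review bot: the new row title "Further Censorship Redirect Removed" asserts intent, while the capture cited in that row only shows that the article returns a 404. A neutral title such as "CCN Article Returns 404" would match the evidence. In the new "CCN Article Redirects" row, the first `<ref>` is a bare URL while every other reference is titled, and "In future captures" has nothing to be relative to; "In captures from this date onward" would read more clearly.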


Line 53: Line 69:
<ref>https://web.archive.org/web/20190624173514/https://pastebin.com/qW3xRmcL (Accessed Feb 27, 2024)</ref>
<ref>https://web.archive.org/web/20190624173514/https://pastebin.com/qW3xRmcL (Accessed Feb 27, 2024)</ref>


https://www.ccn.com/cryptorush-support-worker-leaks-inside-info
[https://www.ccn.com/cryptorush-support-worker-leaks-inside-info CryptoRush support worker leaks inside info - CCN]


== Total Amount Lost ==
== Total Amount Lost ==
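Review bot: the titled link that replaces the bare URL still points at the live ccn.com address, which the timeline row added in this same revision says now returns a 404. Link the Internet Archive capture already cited as `<ref name=":0">` so that readers reach the article.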
Line 64: Line 80:


== Ultimate Outcome ==
== Ultimate Outcome ==
What was the end result? Was any investigation done? Were any individuals prosecuted? Was there a lawsuit? Was any tracing done?
The CryptoRush platform theft and collapse were widely reported. Around 2020, content about the incident started disappearing from the internet.
 
 


=== Article/PasteBin Removal ===
Both the CCN article<ref>[https://www.ccn.com/cryptorush-support-worker-leaks-inside-info CryptoRush support worker leaks inside info - CCN] (Accessed Mar 8, 2024)</ref>, and the PasteBin<ref name=":5" /> were removed from the internet.


=== Inclusion/Recognition On Lists ===
The issue was featured on several lists including Kyle Gibson<ref name="kylegibson-86" />, and the Idex Blog<ref name="idexblog-7454" />.
The issue was featured on several lists including Kyle Gibson<ref name="kylegibson-86" />, and the Idex Blog<ref name="idexblog-7454" />.
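Review bot: "removed from the internet" in the new "Article/PasteBin Removal" section overstates what the references show, since this revision cites Internet Archive captures of the CCN article; "removed from their original sites" is accurate. The CCN `<ref>` in that sentence points at the live URL rather than a capture showing the removal, the comma after it is stray, and "Around 2020" in the new "Ultimate Outcome" text has no reference although the timeline rows provide dated captures that could be reused.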


Line 77: Line 94:


== Ongoing Developments ==
== Ongoing Developments ==
What parts of this case are still remaining to be concluded?
It appears that there is an ongoing effort to suppress the information on what happened prior to the collapse of the CryptoRush platform.
== General Prevention Policies ==
Coming soon.
== Individual Prevention Policies ==
== Individual Prevention Policies ==
{{Prevention:Individuals:Placeholder}}
{{Prevention:Individuals:Placeholder}}
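Review bot: the new "Ongoing Developments" sentence about "an ongoing effort to suppress the information" carries no reference. Either cite the dated captures from the timeline rows and state what they show (a redirect, a removal notice, a 404), or word the sentence as an observation about the removals rather than a conclusion about an effort behind them.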

Revision as of 17:58, 8 March 2024

Notice: This page is a new case study and some aspects have not been fully researched. Some sections may be incomplete or reflect inaccuracies present in initial sources. Please check the References at the bottom for further information and perform your own additional assessment. Please feel free to contribute by adding any missing information or sources you come across. If you are new here, please read General Tutorial on Wikis or Anatomy of a Case Study for help getting started.

Notice: This page contains sources which are not attributed to any text. The unattributed sources follow the initial description. Please assist by visiting each source, reviewing the content, and placing that reference next to any text it can be used to support. Feel free to add any information that you come across which isn't present already. Sources which don't contain any relevant information can be removed. Broken links can be replaced with versions from the Internet Archive. See General Tutorial on Wikis, Anatomy of a Case Study, and/or Citing Your Sources Guide for additional information. Thanks for your help!

CryptoRush Logo/Homepage

The primary issue here appears to be numerous exploits in the various alt coin withdrawal processes, which CryptoRush handled through hot wallets. This seems to stem from the service being coded quickly, in a few short months.

This exchange or platform is based in the United States, or the incident targeted people primarily in the United States.[1][2][3][4][5]

About CryptoRush

While CryptoRush used a .in extension[6] which is the country code of India, the exchange was actually based in the United States. CryptoRush appears to favour small alternate currencies, and was aiming to be a top cryptocurrency exchange[7]. The founder was reportedly named Kristian, while the other team members were reportedly named Matt and Chris, and they reportedly joined after beta[7].

Crypto Rush strives to help give all coins a chance. We aim to be at the top of the crypto currency exchanges as we grow, we offer low fees compared to other exchanges. We also want to give new coins a chance and have a low cost system to help get coins in. When a coin goes down, users will be automatically alerted via twitter and e-mail and the markets suspended to secure your coins! Thank you for using Crypto Rush!

Crypto Rush started by the owner Kristian in 2014 was originally to be just one market. But soon evolved into more, and even more. Matt joined the team fairly soon into development as co-owner, within a fortnight the basis was written from the ground up with security in mind.

When beta launched, Chris joined the team and helped increase productivity with his skillset

A Frequently Asked Questions (FAQ) page lists the coins supported on the platform, providing users with comprehensive information about the cryptocurrencies available for trading[8]. It clarifies the fees charged by Crypto Rush, including buying and selling fees, withdrawal fees, and fees for accepting new coins, aiming to offer competitive rates and superior service[8]. Transactions on CryptoRush were all peer to peer[8]. Purchasing coins directly from Crypto Rush was not available at the time, but was planned for the future[8]. The FAQ assures users about the safety of their coins, detailing the platform's security measures and separate storage for wallets[8].

Devianttwo

Devianttwo is the founder of CryptoRush, named Kristian[7].

DogeyMcDoge

One member of the CryptoRush support team goes by the nickname DogeyMcDoge[9]. They started to work for CryptoRush in late February of 2014[9].

The Reality

Using any third party platform involves a high degree of risk. Signs of limited experience were visible from the FAQ page of CryptoRush.in itself[8].

Negative Balance Concern

For discrepancies in order fulfillment, users are encouraged to contact support for investigation and can review their transaction history for clarity[8]. The FAQ covers issues related to negative balances after placing orders, attributing them to rounding errors and assuring users that they usually resolve automatically within 30 minutes[8]. Negative balances point to a weakness in the platform which had not been corrected, and raise the possibility of a vulnerability that could be more serious if repeatedly exploited[8].

Email Address Security Theater

A FAQ entry mentioned that using email addresses was more secure than using usernames[8]. It is not clear how this is the case, since many exploits can start from the user's email address being compromised, and taking over an account through its recovery process often involves obtaining access to recovery points such as the email address. There is likely to be a similar number of breaches of username/password combinations in comparison to email/password combinations for users who reuse passwords. The only case where this could be useful is if the username is publicly visible on the platform itself, giving an attacker knowledge of which username to use; however, most exchange platforms do not identify the counterparties to a trade.

Trade Engine Limitations

The FAQ page explains the trading engine's limitations, such as the trade rate matching and order fulfillment process, while offering guidance on resolving balance discrepancies caused by sync issues[8].

Each Coin Adds Attack Surface

Every coin supported increases the attack surface against a platform, since an issue in one coin could inflate the user's balance and allow them to trade against other coins.
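A reconciliation check that would surface both conditions described above (a negative balance, and a balance in one coin that exceeds what the platform holds), as an added example that is not part of the original page and is not CryptoRush's code. The ledger layout, the user names, the coin "XYZ" and all amounts are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample data (not CryptoRush records). Amounts are signed
# integers in each coin's smallest unit; "XYZ" is a hypothetical altcoin.
SAMPLE_ENTRIES = [
    ("alice", "BTC", 150_000_000),    # deposit
    ("alice", "BTC", -50_000_000),    # withdrawal
    ("bob", "LTC", 200_000_000),      # deposit
    ("bob", "LTC", -200_000_001),     # order fill debits one unit too many
    ("mallory", "XYZ", 900_000_000),  # credit with no matching wallet funds
]
SAMPLE_WALLETS = {"BTC": 100_000_000, "LTC": 0, "XYZ": 100_000_000}


def user_balances(entries):
    """Sum signed ledger entries per (user, coin), rejecting float amounts."""
    totals = defaultdict(int)
    for user, coin, amount in entries:
        if not isinstance(amount, int):
            # Floats are where rounding drift enters; keep the ledger integral.
            raise TypeError("amounts must be integer base units, not floats")
        totals[(user, coin)] += amount
    return dict(totals)


def reconcile(entries, wallet_holdings):
    """Return negative balances, inflated coins, and the coins to suspend.

    A coin is 'inflated' when the platform owes users more of it than the
    wallet holds. Negative balances are not allowed to offset what other
    users are owed, so they cannot hide a shortfall.
    """
    balances = user_balances(entries)
    negative = sorted(key for key, value in balances.items() if value < 0)

    owed = defaultdict(int)
    for (_user, coin), value in balances.items():
        owed[coin] += max(value, 0)

    inflated = {}
    for coin, total in owed.items():
        held = wallet_holdings.get(coin, 0)
        if total > held:
            inflated[coin] = total - held  # size of the shortfall

    # Suspend every market touching an affected coin, so a bad balance in
    # one coin cannot be traded into another before it is investigated.
    suspend = sorted(set(inflated) | {coin for _user, coin in negative})
    return {"negative": negative, "inflated": inflated, "suspend": suspend}


if __name__ == "__main__":
    report = reconcile(SAMPLE_ENTRIES, SAMPLE_WALLETS)
    for name, value in report.items():
        print(name, value)
```

Run on a schedule and before each withdrawal, a check like this turns a negative balance into an alert and a trading halt for the affected coin, rather than something expected to resolve on its own.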

What Happened

The CryptoRush platform was exploited, with the attacker managing to withdraw 950 BTC and 2500 LTC.

Key Event Timeline - CryptoRush Hack

{|
! Date !! Event !! Description
|-
|March 11th, 2014
|Date Widely Cited
|The date of the incident as reported by sources including Kyle Gibson[1]. According to DogeyMcDoge, this is the date when he was notified by Devianttwo that "something bad" had happened and brought into a Skype call where the hack was revealed[9].
|-
|March 24th, 2014 8:30 AM MDT
|Emergency Call
|DogeyMcDoge calls Devianttwo on the emergency phone number and is told that he wasn't going to be able to fix the problems at the moment[9].
|-
|March 26th, 2014 5:02:01 AM MDT
|Insider Information Leak
|A CCN article gives visibility into the lack of funds in the CryptoRush exchange platform[10]. A support worker at CryptoRush, named DogeyMcDoge, has leaked inside information regarding the exchange's troubles. This leak sheds light on the challenges faced by CryptoRush in the past month, including two hacking incidents and unorthodox methods to recover losses. Despite attempts to reassure users with solutions like CryptoRushShares, transparency issues persisted, leading to insolvency. DogeyMcDoge's confession has been confirmed by CryptoRush's administrators, who announced an official statement forthcoming. Meanwhile, CryptoRush has appointed a new CEO and promised to reimburse stolen funds. However, doubts linger about the exchange's ability to address its issues effectively[10].
|-
|November 11th, 2020 8:32:40 PM MST
|CCN Article Redirects
|In future captures, the CCN article appears to automatically redirect users to an article about the "PS5 Skeleton Leaks to Peek Inside Sony’s Next-Gen Console"[11][12]. The article was still online in 2019[13].
|-
|May 9th, 2021 11:22:00 AM MDT
|PasteBin Information Censored
|The information about this case is removed from the PasteBin site for the content being "potentially harmful"[14].
|-
|October 26th, 2022 9:28:15 AM MDT
|Further Censorship Redirect Removed
|The CCN article no longer redirects, but instead displays a 404 error that the article does not exist[15].
|}

Technical Details

[16]

CryptoRush support worker leaks inside info - CCN

Total Amount Lost

Losses were reportedly up to 950 BTC[1] and 2500 LTC[4].

The total amount lost has been estimated at $800,000 USD[1].

Immediate Reactions

The hack was not disclosed to platform users when it occurred[9]. Instead, the platform continued to operate[9].

"The guilt was starting to build up inside of me. I answered very few tickets the week of the 16th. I was conflicted, but I worked at my full time job >40 hours that week, so it kept my mind off of things a little. The issues continued. I kept suggesting ways we could maybe get some BTC back, arbitrage, etc. We didn’t even have enough funds for that. I wanted so bad for the exchange to stay afloat, thinking “Maybe tomorrow will bring us back our volume!” But alas, the problems with Zeit, and BTC withdrawals killed our volume. There was no coming back."

Ultimate Outcome

The CryptoRush platform theft and collapse were widely reported. Around 2020, content about the incident started disappearing from the internet.

Article/PasteBin Removal

Both the CCN article[17] and the PasteBin[14] were removed from the internet.

Inclusion/Recognition On Lists

The issue was featured on several lists, including those by Kyle Gibson[1] and the Idex Blog[4].

Total Amount Recovered

There do not appear to have been any funds recovered in this case.

The exchange issued a “Debt Management Plan” which outlined plans and potential refunds for victims[4].

Ongoing Developments

It appears that there is an ongoing effort to suppress the information on what happened prior to the collapse of the CryptoRush platform.

Individual Prevention Policies

No specific policies for individual prevention have yet been identified in this case.

For the full list of how to protect your funds as an individual, check our Prevention Policies for Individuals guide.

Platform Prevention Policies

Policies for platforms to take to prevent this situation have not yet been selected in this case.

For the full list of how to protect your funds as a financial service, check our Prevention Policies for Platforms guide.

Regulatory Prevention Policies

No specific regulatory policies have yet been identified in this case.

For the full list of regulatory policies that can prevent loss, check our Prevention Policies for Regulators guide.

References

  1. 100 Crypto Thefts: A Timeline of Hacks, Glitches, Exit Scams, and other Lost Cryptocurrency Incidents - Kyle Gibson (Jan 25, 2020)
  2. List of Major Bitcoin Heists, Thefts, Hacks, Scams, and Losses - BitcoinTalk (Feb 15, 2020)
  3. Bitcoin Scams and Cryptocurrency Hacks List - BitcoinExchangeGuide.com (Mar 5, 2020)
  4. A Complete List of Cryptocurrency Exchange Hacks [Updated] - Idex Blog Archive February 15th, 2021 4:34:24 AM MST (Accessed Mar 26, 2022)
  5. Bitcoin’s Correction Could Well Have Shaken Out Potentially Damaging Investors - CoinTelegraph (Mar 26, 2022)
  6. CryptoRush Homepage Archive March 17th, 2014 5:05:38 AM MDT (Accessed Mar 1, 2024)
  7. About CryptoRush Archive March 1st, 2014 11:56:08 PM MST (Accessed Mar 1, 2024)
  8. CryptoRush FAQ Page Archive March 1st, 2014 11:25:52 PM MST (Accessed Mar 1, 2024)
  9. DogeyMcDoge Pastebin Archive June 24th, 2019 11:36:46 AM MDT (Accessed Mar 7, 2024)
  10. CryptoRush support worker leaks inside info - CCN Archive June 24th, 2019 1:37:19 AM MDT (Accessed Feb 27, 2024)
  11. https://web.archive.org/web/20210308011115/https://www.ccn.com/cryptorush-support-worker-leaks-inside-info (Accessed Mar 8, 2024)
  12. CryptoRush support worker leaks inside info - CCN Archive November 11th, 2020 8:32:40 PM MST (Accessed Mar 8, 2024)
  13. CryptoRush support worker leaks inside info - CCN Archive June 28th, 2019 2:03:10 AM MDT (Accessed Mar 8, 2024)
  14. DogeyMcDoge Pastebin (Accessed Mar 1, 2024)
  15. CryptoRush support worker leaks inside info - CCN Archive October 26th, 2022 9:28:15 AM MDT (Accessed Mar 8, 2024)
  16. https://web.archive.org/web/20190624173514/https://pastebin.com/qW3xRmcL (Accessed Feb 27, 2024)
  17. CryptoRush support worker leaks inside info - CCN (Accessed Mar 8, 2024)