Kronos.io Pre-Launch Bitcoin Heist: Difference between revisions
No edit summary |
No edit summary |
||
| Line 1: | Line 1: | ||
{{ | {{Case Study Under Construction}}{{Unattributed Sources}} | ||
{{Unattributed Sources}} | |||
It looks like one of the developers deliberately made the withdrawal wallets hackable so that they could withdraw the entirety of the funds. The rest of the team | Kronos was an Italian cryptocurrency exchange. It looks like one of the developers deliberately made the withdrawal wallets hackable so that they could withdraw the entirety of the funds. The rest of the team had incredibly weak or no insight into security. | ||
<ref name="bitcointalklistold-20" /><ref name="bitcointalk-82" /><ref name="bitcointalk-85" /><ref name="bitcointalklist-87" /><ref>https://web.archive.org/web/20120603231125/http://atlas.bitkoin.su/post/24166211138/an-interview-with-jonathan-ryan-owens-of-kronos-io (Accessed Sep 3, 2024)</ref> | |||
== About Kronos == | == About Kronos == | ||
"Kronos.io | "Kronos.io [was] a Bitcoinica-esque startup" "Kronos.io hired several well-known Bitcoin personalities to do work with HTML and coding." | ||
== The Reality == | == The Reality == | ||
"One of the[ hired individuals] was Alberto Armandi, who was related to Bitscalper, a scam earlier that year." | |||
== What Happened == | == What Happened == | ||
"Kronos.io was hacked in an event shrouded in mystery even today. Led by Jonathon Ryan Owens, who was simultaneously running other new startups on GLBSE (an upstart Bitcoin “stock exchange”)" | |||
{| class="wikitable" | {| class="wikitable" | ||
|+Key Event Timeline - Kronos Hack | |+Key Event Timeline - Kronos Hack | ||
| Line 44: | Line 19: | ||
!Description | !Description | ||
|- | |- | ||
| | |May 2012 | ||
| | |Alberto and Jonathon Meet | ||
| | |"Now, fast forward to around April/May 2012 : I happened to get in touch with Jonathan Ryan Owens, who since the start of our relationship pictured himself as a sort of "Mr. Big" in the Bitcoin world and shown to be able to use language fluenty, and to be able to convince anybody that he's actually skilled and a serious business man." | ||
|- | |- | ||
| | |August 16th, 2012 6:18:45 PM MDT | ||
| | |Alberto Response Post | ||
| | |Alberto posts his personal details and story accusing Jonathan Ryan Owens of using a small hack to justify the theft of the remaining bitcoins<ref>[https://bitcointalk.org/index.php?topic=101109.msg1105479#msg1105479 bitdaytrade - "My name is Alberto Armandi, i was born in Italy, 19/09/1983. I'm an internet entrepreneur who got caught in the Bitcoin phenomena about one and a half year ago." - BitcoinTalk] (Accessed Sep 3rd, 2024)</ref>. | ||
|- | |||
|August 28th, 2012 3:34:50 AM MDT | |||
|hazek Mention Of Events | |||
|In a forum response, BitcoinTalk user hazek mentions a summary of what happened - "AFAIK they went into open beta with some serious security holes that may or may not have been put there intentionally by one of the owners(code writers) which led to a 4kBTC hack right off the bat which was too much damage for them to recover from."<ref name="bitcointalk-82" />. | |||
|} | |} | ||
== Technical Details == | |||
== Total Amount Lost == | == Total Amount Lost == | ||
| Line 59: | Line 40: | ||
== Immediate Reactions == | == Immediate Reactions == | ||
"Alberto Armandi reportedly hacked into the website he himself helped code. The vulnerability was in the withdrawal script that Alberto coded, reportedly intentionally as a backdoor. Although incredible, Armandi has also released a story denying he hacked the website. Instead, he blamed the theft on Jonathon Ryan Owens intentionally pocketing the majority of the funds with only 1000 BTC being stolen by an unknown hacker." | |||
== Ultimate Outcome == | == Ultimate Outcome == | ||
| Line 89: | Line 70: | ||
== References == | == References == | ||
<references><ref name="bitcointalklistold-20">[https://bitcointalk.org/index.php?topic=83794.msg923918#post_toc_27 <nowiki>List of Major Bitcoin Heists, Thefts, Hacks, Scams, and Losses [Old]</nowiki>] (Jan 28, 2020)</ref> | <references> | ||
<ref name="bitcointalklistold-20">[https://bitcointalk.org/index.php?topic=83794.msg923918#post_toc_27 <nowiki>List of Major Bitcoin Heists, Thefts, Hacks, Scams, and Losses [Old] - BitcoinTalk</nowiki>] (Accessed Jan 28, 2020)</ref> | |||
<ref name="bitcointalk-82">[https://bitcointalk.org/index.php?topic=84148.0 | <ref name="bitcointalk-82">[https://bitcointalk.org/index.php?topic=84148.0 hazek - '''"'''AFAIK they went into open beta with some serious security holes that may or may not have been put there intentionally by one of the owners(code writers) which led to a 4kBTC hack right off the bat which was too much damage for them to recover from." - BitcoinTalk] (Accessed Feb 15, 2020)</ref> | ||
<ref name="bitcointalk-85">[https://bitcointalk.org/index.php?topic=101109.0 Jonathan Ryan Owens locked Rebate, Zip.A, Alberto & BDT thread - BitcoinTalk] (Accessed Feb 15, 2020)</ref> | |||
<ref name="bitcointalk-85">[https://bitcointalk.org/index.php?topic=101109.0 Jonathan Ryan Owens locked Rebate, Zip.A, Alberto & BDT thread] (Feb 15, 2020)</ref> | <ref name="bitcointalklist-87">[https://bitcointalk.org/index.php?topic=576337 List of Major Bitcoin Heists, Thefts, Hacks, Scams, and Losses - BitcoinTalk] (Accessed Feb 15, 2020)</ref> | ||
</references> | |||
<ref name="bitcointalklist-87">[https://bitcointalk.org/index.php?topic=576337 List of Major Bitcoin Heists, Thefts, Hacks, Scams, and Losses] (Feb 15, 2020)</ref></references> | |||
Revision as of 15:34, 13 September 2024
Notice: This page is a new case study and some aspects have not been fully researched. Some sections may be incomplete or reflect inaccuracies present in initial sources. Please check the References at the bottom for further information and perform your own additional assessment. Please feel free to contribute by adding any missing information or sources you come across. If you are new here, please read General Tutorial on Wikis or Anatomy of a Case Study for help getting started.
Notice: This page contains sources which are not attributed to any text. The unattributed sources follow the initial description. Please assist by visiting each source, reviewing the content, and placing that reference next to any text it can be used to support. Feel free to add any information that you come across which isn't present already. Sources which don't contain any relevant information can be removed. Broken links can be replaced with versions from the Internet Archive. See General Tutorial on Wikis, Anatomy of a Case Study, and/or Citing Your Sources Guide for additional information. Thanks for your help!
Kronos was an Italian cryptocurrency exchange. It looks like one of the developers deliberately made the withdrawal wallets hackable so that they could withdraw the entirety of the funds. The rest of the team had incredibly weak or no insight into security.
About Kronos
"Kronos.io [was] a Bitcoinica-esque startup" "Kronos.io hired several well-known Bitcoin personalities to do work with HTML and coding."
The Reality
"One of the[ hired individuals] was Alberto Armandi, who was related to Bitscalper, a scam earlier that year."
What Happened
"Kronos.io was hacked in an event shrouded in mystery even today. Led by Jonathon Ryan Owens, who was simultaneously running other new startups on GLBSE (an upstart Bitcoin “stock exchange”)"
| Date | Event | Description |
|---|---|---|
| May 2012 | Alberto and Jonathon Meet | "Now, fast forward to around April/May 2012 : I happened to get in touch with Jonathan Ryan Owens, who since the start of our relationship pictured himself as a sort of "Mr. Big" in the Bitcoin world and shown to be able to use language fluenty, and to be able to convince anybody that he's actually skilled and a serious business man." |
| August 16th, 2012 6:18:45 PM MDT | Alberto Response Post | Alberto posts his personal details and story accusing Jonathan Ryan Owens of using a small hack to justify the theft of the remaining bitcoins[6]. |
| August 28th, 2012 3:34:50 AM MDT | hazek Mention Of Events | In a forum response, BitcoinTalk user hazek mentions a summary of what happened - "AFAIK they went into open beta with some serious security holes that may or may not have been put there intentionally by one of the owners(code writers) which led to a 4kBTC hack right off the bat which was too much damage for them to recover from."[2]. |
Technical Details
Total Amount Lost
The total amount lost has been estimated at $43,000 USD.
How much was lost and how was it calculated? If there are conflicting reports, which are accurate and where does the discrepancy lie?
Immediate Reactions
"Alberto Armandi reportedly hacked into the website he himself helped code. The vulnerability was in the withdrawal script that Alberto coded, reportedly intentionally as a backdoor. Although incredible, Armandi has also released a story denying he hacked the website. Instead, he blamed the theft on Jonathon Ryan Owens intentionally pocketing the majority of the funds with only 1000 BTC being stolen by an unknown hacker."
Ultimate Outcome
What was the end result? Was any investigation done? Were any individuals prosecuted? Was there a lawsuit? Was any tracing done?
Total Amount Recovered
There do not appear to have been any funds recovered in this case.
What funds were recovered? What funds were reimbursed for those affected users?
Ongoing Developments
What parts of this case are still remaining to be concluded?
General Prevention Policies
The storage of all cryptocurrency in a proper offline multi-signature wallet prevents theft by any individual party, since such a party would need the approval or breach of multiple other members of the team to spend the funds. Given operators properly educated in the protection of funds, such an attack would be entirely limited to the balance in the hot wallets in the worst case. Stronger education for exchange operators can also help ensure that they are aware of the risks.
Individual Prevention Policies
No specific policies for individual prevention have yet been identified in this case.
For the full list of how to protect your funds as an individual, check our Prevention Policies for Individuals guide.
Platform Prevention Policies
Policies for platforms to take to prevent this situation have not yet been selected in this case.
For the full list of how to protect your funds as a financial service, check our Prevention Policies for Platforms guide.
Regulatory Prevention Policies
No specific regulatory policies have yet been identified in this case.
For the full list of regulatory policies that can prevent loss, check our Prevention Policies for Regulators guide.
References
- ↑ List of Major Bitcoin Heists, Thefts, Hacks, Scams, and Losses [Old] - BitcoinTalk (Accessed Jan 28, 2020)
- ↑ 2.0 2.1 hazek - "AFAIK they went into open beta with some serious security holes that may or may not have been put there intentionally by one of the owners(code writers) which led to a 4kBTC hack right off the bat which was too much damage for them to recover from." - BitcoinTalk (Accessed Feb 15, 2020)
- ↑ Jonathan Ryan Owens locked Rebate, Zip.A, Alberto & BDT thread - BitcoinTalk (Accessed Feb 15, 2020)
- ↑ List of Major Bitcoin Heists, Thefts, Hacks, Scams, and Losses - BitcoinTalk (Accessed Feb 15, 2020)
- ↑ https://web.archive.org/web/20120603231125/http://atlas.bitkoin.su/post/24166211138/an-interview-with-jonathan-ryan-owens-of-kronos-io (Accessed Sep 3, 2024)
- ↑ bitdaytrade - "My name is Alberto Armandi, i was born in Italy, 19/09/1983. I'm an internet entrepreneur who got caught in the Bitcoin phenomena about one and a half year ago." - BitcoinTalk (Accessed Sep 3rd, 2024)