Bitcurex Exchange Hack

From Quadriga Initiative Cryptocurrency Hacks, Scams, and Frauds Repository
Revision as of 19:00, 15 February 2023 by Azoundria (talk | contribs)
Jump to navigation Jump to search

Notice: This page is a freshly imported case study from the original repository. The original content was in a different format, and may not have relevant information for all sections. Please help restructure the content by moving information from the 'About' section to other sections, and add any missing information or sources you can find. If you are new here, please read General Tutorial on Wikis or Anatomy of a Case Study for help getting started.

Notice: This page contains sources which are not attributed to any text. The unattributed sources follow the initial description. Please assist by visiting each source, reviewing the content, and placing that reference next to any text it can be used to support. Feel free to add any information that you come across which isn't present already. Sources which don't contain any relevant information can be removed. Broken links can be replaced with versions from the Internet Archive. See General Tutorial on Wikis, Anatomy of a Case Study, and/or Citing Your Sources Guide for additional information. Thanks for your help!

BitCurex

Although one might initially believe that Bitcurex did not learn from their first breach, the subsequent details, response and failed promises by the administration would tend to suggest otherwise. Timing is coincident with an increase in regulatory pressure from the Polish government, which the exchange publicly embraced. As the records of customer trades and balances are conveniently lost in the hack, and also don’t appear to have been properly backed up, it seems that whether the $1.5m official figure was the entirety of liabilities could be questioned. Bitcurex was known to be using cold storage back in 2014, which was not hacked in that breach. So it’s curious that they didn’t seem to mention any cold storage here. We’ve seen countless examples to demonstrate why multi-signature is so critical in preventing both hacks and insider fraud. The exchange was also entirely unaudited for the majority of it’s existence, giving customers no visibility at all into the operation.

This exchange or platform is based in Poland, or the incident targeted people primarily in Poland. [1][2][3][4][5][6][7][8][9][10][11]

About BitCurex

"Bitcurex is a European bitcoin exchange launched in 2012 and supporting PLN, EUR and USD trading." "Set up in July 2012, Bitcurex is based in Łódź, Poland. The cryptocurrency exchange is operated by local company Digital Future Ltd. Introduced first on BitcoinTalk forum on July 16, 2012." “The polish exchange was one of the oldest in the country” and “one of Poland’s largest exchanges”.

“It’s one of the bigger bitcoin exchanges serving the European market, specifically for trading zloty and also euros.”

"“Bitcurex,” shut shop after a reported 2300 BTC ($1.5 mln) theft. “On 13.10.2016 as a result of third-party systems service www.bitcurex.com [was] damaged by external interference in automated data collection and processing of information. The consequence of these actions is the loss of part of the assets managed by bitcurex.com/dashcurex.com.”

“Not only has the exchange shut down and people have most likely lost all their money, it also came to light that customer data of the exchange was also compromised in the hack that took place in October 2016.”

“Initially, the company promised users a 7-day currency refund. However, this did not happen.” “Given that the exchange required proved ownership of the site and that the confirmed balance disagreed with the facts, you can come to the conclusion that the exchange does not have a current copy of the database, which could be damaged at the time of the alleged hacking.” Just prior to the hack, Bitcurex in July announced “Polish bitcoin exchange Bitcurex has announced that it will be the first exchange in Poland to add a certified compliance department, adapting internal procedures to the most stringent standards operating in the financial sector.” Since the 2014 hack, “they appear to have been running without incident.” “Bitcurex processed over $50 million worth of BTC transactions in its final six months.”

“November 30 was the date of the planned launch of the Bitcurex exchange [which] closed after the alleged burglary. Unfortunately, the exchange was not launched and, worst of all, no new official message appeared on the website.” “A dozen or so days after the incident, the stock exchange has already started the refund procedure and has provided a form on its website. This form contained space for sensitive personal data, including personal identification cards, scanned ID cards and bills confirming check-in, and most interestingly the requirement to provide all evidence of customer funds on the site!”"

This exchange or platform is based in Poland, or the incident targeted people primarily in Poland.

The background of the exchange platform, service, or individuals involved, as it would have been seen or understood at the time of the events.

Include:

  • Known history of when and how the service was started.
  • What problems does the company or service claim to solve?
  • What marketing materials were used by the firm or business?
  • Audits performed, and excerpts that may have been included.
  • Business registration documents shown (fake or legitimate).
  • How were people recruited to participate?
  • Public warnings and announcements prior to the event.

Don't Include:

  • Any wording which directly states or implies that the business is/was illegitimate, or that a vulnerability existed.
  • Anything that wasn't reasonably knowable at the time of the event.

There could be more than one section here. If the same platform is involved with multiple incidents, then it can be linked to a main article page.

The Reality

This sections is included if a case involved deception or information that was unknown at the time. Examples include:

  • When the service was actually started (if different than the "official story").
  • Who actually ran a service and their own personal history.
  • How the service was structured behind the scenes. (For example, there was no "trading bot".)
  • Details of what audits reported and how vulnerabilities were missed during auditing.

What Happened

The specific events of the loss and how it came about. What actually happened to cause the loss and some of the events leading up to it.

Key Event Timeline - Bitcurex Exchange Hack
Date Event Description
October 13th, 2016 12:00:00 AM Main Event Expand this into a brief description of what happened and the impact. If multiple lines are necessary, add them here.

Total Amount Lost

The total amount lost has been estimated at $1,500,000 USD.

How much was lost and how was it calculated? If there are conflicting reports, which are accurate and where does the discrepancy lie?

Immediate Reactions

How did the various parties involved (firm, platform, management, and/or affected individual(s)) deal with the events? Were services shut down? Were announcements made? Were groups formed?

Ultimate Outcome

What was the end result? Was any investigation done? Were any individuals prosecuted? Was there a lawsuit? Was any tracing done?

Total Amount Recovered

There do not appear to have been any funds recovered in this case.

What funds were recovered? What funds were reimbursed for those affected users?

Ongoing Developments

What parts of this case are still remaining to be concluded?

Prevention Policies

Bitcurex is one of a handful of cases where lots could have been done differently to prevent the tragedy.

References

  1. Bitcurex Forced to Shut Down After $1.5 million Theft | News Bitcoin News (Feb 1, 2020)
  2. 100 Crypto Thefts: A Timeline of Hacks, Glitches, Exit Scams, and other Lost Cryptocurrency Incidents (Jan 25, 2020)
  3. Bitcoin Scams and Cryptocurrency Hacks List - BitcoinExchangeGuide.com (Mar 5, 2020)
  4. Poland’s Bitcoin Exchange Bitcurex Disappears in Mt.Gox Fashion (Mar 7, 2020)
  5. The oldest Polish Bitcoin exchange has disappeared. The company that manages it has PLN 6,000 in capital. It evaporated 8.5 million PLN (Mar 7, 2020)
  6. Bitcurex exchange disappears with 2,300 bitcoins - EconoTimes (Mar 7, 2020)
  7. Bitcurex adds compliance department which is being overseen by the Poland Compliance Association | News Bitcoin News (Mar 7, 2020)
  8. Bitcurex is still silent - scandals continued (Mar 13, 2020)
  9. Polish Law Enforcement Investigating Bitcoin Exchange Shutdown - CoinDesk (Mar 13, 2020)
  10. Bitcurex - Bitcoin Wiki (Mar 13, 2020)
  11. Bitcurex Exchange Shuts Down & Announces Restructuring (May 8, 2022)
Retrieved from "https://quadrigainitiative.com/cryptocurrencyhackscamfraudwiki/index.php?title=Bitcurex_Exchange_Hack&oldid=1950"