Vircurex Second Exchange Hack

From Quadriga Initiative Cryptocurrency Hacks, Scams, and Frauds Repository
Revision as of 13:45, 2 April 2024 by Azoundria (talk | contribs) (30 minutes. Integrated about section information and updated template. Integrated inforamtion about Vircurex from other hacking article. Integrating information from BitcoinTalk article. Added in information from the Vircurex report, including the additional terracoin and litecoin which were stolen. Fully integrated may 2013 report and further review.)
Jump to navigation Jump to search

Notice: This page is a new case study and some aspects have not been fully researched. Some sections may be incomplete or reflect inaccuracies present in initial sources. Please check the References at the bottom for further information and perform your own additional assessment. Please feel free to contribute by adding any missing information or sources you come across. If you are new here, please read General Tutorial on Wikis or Anatomy of a Case Study for help getting started.

Notice: This page contains sources which are not attributed to any text. The unattributed sources follow the initial description. Please assist by visiting each source, reviewing the content, and placing that reference next to any text it can be used to support. Feel free to add any information that you come across which isn't present already. Sources which don't contain any relevant information can be removed. Broken links can be replaced with versions from the Internet Archive. See General Tutorial on Wikis, Anatomy of a Case Study, and/or Citing Your Sources Guide for additional information. Thanks for your help!

Vircurex Homepage/Logo

Vircurex experienced a second hack in 2013, which ultimately contributed to the collapse of the exchange later in 2014. It appears that attempts were made to repay the debt with ongoing profits, however this proposal appears to be very poorly implemented and lacked any indication of how the platform was going to prevent future hacks.

The country for this case study is not yet known.[1][2]

About Vircurex

Vircurex was a Beijing-based virtual currency exchange[3] which was operational since October 2011[3][4].

Vircurex was based in Germany(?). The exchange supported trading in different cryptocurrencies including bitcoin, namecoin, devcoin, litecoin, ixcoin, ppcoin, and terracoin[5]. The Vircurex platform enabled trading between BTC, USD or EUR, plus up to 18 other cryptocurrencies, however they've eliminated some less popular coins over time[3].

Vircurex gained popularity by offering interest to users holding multiple cryptocurrencies[4].

The exchange offered deposits and withdrawals in both USD and EUR[5]. The homepage of the website featured pricing tables for all supported coins[5].

Vircurex, the exchange platform for buying, selling and trading your Bitcoins and its various alt-chains. We currently support Bitcoin, Namecoin, Devcoin, Litecoin, Ixcoin, PPCoin, Terracoin

Homepage: vircurex.com[5]

The Reality

The Vircurex exchange had already been hacked once.

What Happened

"The hot wallet and “warm” wallet of Bitcoin to alternative cryptocurrency exchange service Vircurex was emptied in May 2013, resulting in a significant loss of three currencies: Bitcoin, Terracoin, and Litecoin."

Key Event Timeline - Vircurex Second Exchange Hack
Date Event Description
May 10th, 2013 Breach Date Reported date of breach[6][7].
June 5th, 2013 Report Released Vircurex releases a report covering the events of May, including the breach which happened[7].
April 18th, 2014 7:56:22 PM MDT Included In BitcoinTalk List A subsequent Vircurex exchange hack is featured in the BitcoinTalk "List of Major Bitcoin Heists, Thefts, Hacks, Scams, and Losses" published by user dree12[6].

Technical Details

Based on an analysis report provided by Vircurex, the attack was a simple impersonation where the perpetrator claimed to be the exchange operator and requested a reset of the account credentials. In addition to resetting the servers, the root password was provided outside of the normal email address to be used and the attacker was able to circumvent an IP-based restriction on the account's control panel[7].

The attacker has acquired login credentials to our VPS control account with our hosting service provider and has then asked for the root password reset of all servers which – unfortunately – the service provider has then done and posted the credentials in their helpdesk ticket, rather than the standard process of sending it to our email address (which has 2FA protection), also the security setup of allowing only our IP range to login to the management console was not working. It was an additional security feature the provider offered but was obviously circumvented by the attacker. As a result out of this incident we have moved all our services to a new provider who offers 2 factor authentication for all logins as well as other verification processes that we hope will make similar attempts impossible in the future.

Relevant blockchain transactions[6]:

  • cbce6bd1e274a9ea9d6946feaf4a1b0f80a5885a8482f4ebf3caa052f22bb4bf
  • 85489430661f3041608749acb3019a1dcbf07a60f22e4bc43acfd05b46496cc9

Total Amount Lost

The amount lost is listed as being exactly 1454.015 bitcoin[6]. This was listed as being equivalent to $163,351 USD[6].

1454 BTC x $117.20 = $170408.8

In addition to the lost bitcoin, there was also 225,263 terracoin and 23,400 litecoin which were taken in the incident[7].

A breakdown of the losses was provided in a report published by Vircurex[7].

Table Breakdown Of Losses
Currency Amount Address Transaction
BTC 706 17gPdCyzEMRXdNTBpHrUhsM4FaiWMHhx2Q cbce6bd1e274a9ea9d6946feaf4a1b0f80a5885a8482f4ebf3caa052f22bb4bf
BTC 748 1PWQJu9AskoXEBYMod1KqPE6TTG4VYNz1P 85489430661f3041608749acb3019a1dcbf07a60f22e4bc43acfd05b46496cc9
TRC 130,263 1Mu1wbyfkcrRarPveiihy5iuceLGC91Z4T 33011a0e26fe1c3515c699eecdae9d7550218779ae72fe7af063fffc80361d64
TRC 95,000 1MeY3VVudFUV91gxVZsaY92TguRWy7eQbE 90239779a08243883f54bdb2503f4f40be2541487c2ef2383ef4d8277660e88b
LTC 23,400 LV8VnCDYJzd3FYNwn6n3Kyi1i7PB2MvXPo 30231aee25900b9cb1fba16f1a8923a0cd866d60b01e542be1a4b26f92d9d10f

The total amount lost has been estimated at $170,000 USD.

Immediate Reactions

"Initially, Vircurex operated normally despite the loss, though it no longer paid dividends to shareholders."

Vircurex's initial report on the incident explained that the funds could be recovered from operating profits[7].

The loss of the funds will be recovered out of the monthly dividends. Dividends will be used to purchase back the missing funds in the coming months. Depending on the trading volume development this is expected to take 9 to 12 months.

"In March 2014, due to strain caused by large withdrawals (in addition to a default by AurumXChange, a fiat processor Vircurex used), Vircurex froze large quantities of many currencies; however, it promises to pay these back eventually."

Ultimate Outcome

Addition of IP Whitelisting

After 3 user accounts reported being hacked, Vircurex added IP address whitelisting to their service, so users who logged in from a new IP address would have to confirm their IP address via email[7].

Inclusion In Lists

The breach was ultimately included in a list published by user dree12 on Bitcoin Talk[6].

Total Amount Recovered

There do not appear to have been any funds recovered in this case.

What funds were recovered? What funds were reimbursed for those affected users?

Ongoing Developments

What parts of this case are still remaining to be concluded?

Individual Prevention Policies

No specific policies for individual prevention have yet been identified in this case.

For the full list of how to protect your funds as an individual, check our Prevention Policies for Individuals guide.

Platform Prevention Policies

Policies for platforms to take to prevent this situation have not yet been selected in this case.

For the full list of how to protect your funds as a financial service, check our Prevention Policies for Platforms guide.

Regulatory Prevention Policies

No specific regulatory policies have yet been identified in this case.

For the full list of regulatory policies that can prevent loss, check our Prevention Policies for Regulators guide.

References

  1. https://blockchain.info/address/16cDeEFn6sraUEJrDCt2Yg3r7j2oazSYEd
  2. https://vircurex.com/welcome/ann_reserved.html
  3. 3.0 3.1 3.2 Exchange Vircurex Freezes Withdrawals, Claims Lack of Reserves - CoinDesk - Archive September 18th, 2021 8:02:19 PM MDT (Feb 29, 2020)
  4. 4.0 4.1 Vircurex Faces Class-Action Lawsuit - Finance Magnates (Jan 4, 2024)
  5. 5.0 5.1 5.2 5.3 Vircurex Exchange Homepage Archive April 24th, 2013 1:13:56 AM MDT (Dec 11, 2023)
  6. 6.0 6.1 6.2 6.3 6.4 6.5 List of Major Bitcoin Heists, Thefts, Hacks, Scams, and Losses - BitcoinTalk (Feb 15, 2020)
  7. 7.0 7.1 7.2 7.3 7.4 7.5 7.6 May 2013 Report - Vircurex Archive March 23rd, 2014 1:59:16 PM MDT (Dec 12, 2023)
Retrieved from "https://quadrigainitiative.com/cryptocurrencyhackscamfraudwiki/index.php?title=Vircurex_Second_Exchange_Hack&oldid=5601"