CoinLenders Platform Closes With Funds
Notice: This page is a new case study and some aspects have not been fully researched. Some sections may be incomplete or reflect inaccuracies present in initial sources. Please check the References at the bottom for further information and perform your own additional assessment. Please feel free to contribute by adding any missing information or sources you come across. If you are new here, please read General Tutorial on Wikis or Anatomy of a Case Study for help getting started.
Notice: This page contains sources which are not attributed to any text. The unattributed sources follow the initial description. Please assist by visiting each source, reviewing the content, and placing that reference next to any text it can be used to support. Feel free to add any information that you come across which isn't present already. Sources which don't contain any relevant information can be removed. Broken links can be replaced with versions from the Internet Archive. See General Tutorial on Wikis, Anatomy of a Case Study, and/or Citing Your Sources Guide for additional information. Thanks for your help!
CoinLender was a bitcoin lending platform launched by TradeFortress, the same individual who launched Inputs.io. The service appears to lend bitcoins that users deposited out to others, although it was claimed to only be a demo for legal reasons. Funds were stored in a hot wallet under the individual control of TradeFortress. At least 6514.894239 BTC ($869k USD at the time) was invested. After the inputs.io wallet was breached due to on of TradeFortress's old email accounts being breached, very few funds were disbursed back to CoinLenders users, a reported 219.383 BTC (roughly $29k). [1][2][3][4][5][6][7][8][9][10][11][12]
About CoinLenders
"Bitcoin lending. Get BTC loans with sane repayments. Or earn fee rebates on your deposited coins!" "CoinLenders is a website that offers (and keeps track of) bitcoin loans, and also offers credit ratings / ID verifications. We also plan on additional features over time."
"Get loans! Get your credit rating which you choose who to share to, apply for BTC loans.. You choose your interest rate and schedule!" "First of all, improve your credit rating so you're more likely to get a loan. Also list your reputation - we don't lend money to strangers. After that, visit the loans page."
"Earn fee rebates! Get fee rebates for having a balance or buying CDs. The current max AFR is 27.25%. Don't face a loss with lending yourself where defaults affect you!" "Fee rebates are paid daily as long as you have at least 1 BTC in balance. Deposits are prorated, as in if you deposit coins a hour before fee rebates is paid you won't get the full daily fee rebate. For more info, see the fee rebate page."
"CD stands for Certificate of Deposit. They are fixed return, fixed term bonds essentially. You lock in a fee rebate rate for an amount, in exchange for the deposit being fixed term. For more info, see the Wikipedia article." "You lock in this fee rebate rate instead of it being variable and subject to change at any time. For example, if you buy a 20% APR CD and the variable account fee rebate rate is changed to 18% after a few days, that CD will no longer be offered (replaced with a lower paying one) while you (who have locked in) gets 20% APR. More choice to suit you."
"Coinlenders.com is as legit as it gets in Bitcoin investments. It's run by Tradefortress, one of the most trusted (and hated for some reason) people in the industry. It is not a ponzi, he lends the coins out at a higher interest rate than he pays... and the bulk of the loans are secured with assets such as shares in Bitcoin companies."
"I have personally done over a thousand Bitcoins worth of Bitcoins with him this year."
The Reality
"I can't offer anyone advice as to whether or not using such a system is legal in their jurisdiction, and I have never used the site coinlenders.com itself. I am only speaking as to the credibility of the person behind it."
"Important Notice: CoinLenders is not a bank or financial institution. This is not an investment, and CoinLenders does not solicit investments from anyone. CoinLenders is a fictional website operating for web development, entertainment and educational purposes only." "This is a demo instance of the CoinLenders Bitcoin Bank Script. While this demo is fully functional, nothing is real, and nothing is an investment."
What Happened
The specific events of the loss and how it came about. What actually happened to cause the loss and some of the events leading up to it.
| Date | Event | Description |
|---|---|---|
| July 17th, 2013 10:48:52 AM MDT | Investigation Underway Post | A posted response in the BitcoinTalk thread mentions doing an investigation on the CoinLender platform[16]. |
| July 26th, 2013 6:33:09 PM MDT | Reddit Discussion On Legitimacy | A Reddit discussion is posted about the legitimacy of the CoinLenders platform[3]. |
| July 30th, 2013 8:50:38 AM MDT | Questions And Withdrawals From One Investor | BitcoinTalk user kopipe posts that they are withdrawing their 20 BTC as they have concerns over the change in terminology to fee rebate instead of interest and are concerned that TradeFortress may be going through legal troubles[17]. |
| August 11th, 2013 6:23:40 AM MDT | CoinLender Homepage Captured | CoinLender homepage is captured on archive[13]. |
| August 29th, 2013 12:26:58 PM MDT | CoinLender thread edited on BitcoinTalk. | The CoinLender thread is edited to indicate that the platform has closed due to regulatory concerns[18]. As previously indicated, everything on the site is reportedly fictional[18]. |
| August 29th, 2013 4:20:19 PM MDT | Clarification Confirms Closed Down | TradeFortress clarifies to confirm that the site is already closed down, and all which is showing up is a demo. He instructs users to visit the other thread if they are confused, and closes the first thread to prevent any further replies there[19]. |
| September 23rd, 2013 7:25:09 PM MDT | Main Event | Expand this into a brief description of what happened and the impact. If multiple lines are necessary, add them here. |
| October 8th, 2013 9:43:59 AM | CoinLender Support Page Captured | Support page was captured[15]. |
| October 22nd, 2013 7:57:00 PM MDT | Unauthorized Linode Account Access | According to DumbFruit, the unauthorized Linode access occurred on this date[12]. |
| October 23rd, 2013 4:25:00 AM MDT | Linode Account Password Reset | According to DumbFruit, "TradeFortress reset his Linode Manager password and logged into it"[12]. |
| October 23rd, 2013 12:45:42 PM MDT | Actual Hack Of 4k Bitcoin | According to blockchain data, the transaction which removes 4000.01263754 BTC from the inputs.io website happens[20]. |
| October 23rd, 2013 2:37:00 PM MDT | Claimed Hack Of 4k Bitcoin | A hack for 4k worth of bitcoin is reported to have happened at this time based on a summary by DumbFruit[12]. Prior to this time, "Tradefortress did not shut down the site, he did not move any of the coins to a cold wallet, he did not report the theft to local authorities, he did not notify any depositors, and he did not stop any new users from depositing to his site."[12] |
| November 7th, 2013 1:01:00 PM MST | Additional Hacking Event Occurred | An additional hacking event happened through a Lish connection to the server, which bypassed the 2FA which had been set up[12]. The hacker was able to steal an additional 160 bitcoin[12]. |
| November 8th, 2013 11:03:54 AM MST | Summary of Events on BitcoinTalk | A summary of the events is published by BitcoinTalk user DumbFruit in a new thread[12]. As of this post, "There has been no announcement yet regarding CoinLenders Deposits." for any reimbursement[12]. |
| November 20th, 2013 9:43:22 PM MST | Edits To Event Summary Thread | The event summary thread is edited to it's final version by DumbFruit[12]. It is unclear what parts of this thread may have been edited or not. |
| December 19th, 2013 3:13:37 PM MST | CoinLender Homepage Captured | CoinLender homepage is captured on archive[14]. |
Technical Details
Total Amount Lost
The total amount lost has been estimated at $869,000 USD.
Immediate Reactions
"The hot wallet bitcoind is hosted on another server, and only has a small amount of bitcoins that will be topped up when we give new loans. We reguarly backup our MySQL databases. As with any bitcoin service, don't treat it as a government insured bank, use offline / paper wallets to store the bulk of your coins."
"CL used Inputs as it's wallet." "TradeFortress did not have any bitcoins stored in a cold wallet either for CoinLenders.com or Inputs.io."
"He might decide to go away with your money and you'd have an harder time getting it back, but if the government comes knocking at his door it won't care and confiscate anything anyway." "Thanks for your feedback, armchair lawyers."
"We're talking about the same guy who all of a sudden "oh hi Coinlenders is now closed down, this is a full working demo now, have fun". Honestly I would expect anything."
"Due to growing regulatory attention on Bitcoin, CoinLenders regrettably has decided to close it's service. As detailed on the site, everything was fictional anyway."
"We're now selling the CoinLenders script and we have a fully functional demo instance available here. It has been filled with real world data, take a look!"
"It took me 2 years, many late nights and much diligence to accumulate 6 BTC. Starting with faucets, then moving on to pushing small volume on violitile BTC & security exchange markets. All it took was 1 month to loose it all. The first half of my lose occurred through a close Internet friend of 4 years(who actually brought bitcoin to my attention) a P2P loan that defaulted. The second half of my loss now comes from this fiasco."
"Inputs does not lend out money, it does not have assets, it does not have shares, etc. It's much simpler to manage than coinlenders, which is why it is being done first."
"I understand that people want more information but nothing has been finalized yet, and you'll receive an email when there's updates."
Ultimate Outcome
"CL still has some assets and people did not lose all of their money." "Due to major hacks, Inputs does not have enough BTC to repay everyone fully which has also affected CoinLenders. If you have had balance shown on Inputs.io, we're dividing up the coins we do have left based on a sliding scale, and have sent it to the specified address. On your Inputs account, your balance should have flipped to the negative to indicate you've received a refund. We apologize sincerely for the lost Bitcoins. It's been a very hard lesson for us, and we're sorry that we have to pass it onto our users. Please respond to the email if you have any queries."
"All CL users with a balance (in the form of CDs, balances, withdrawals, to Inputs that weren't credited) will receive an email update within a week."
"Inputs.io accounts are being refunded partial amounts inversely proportionate to the amount of BTC they had at Inputs.io, using a sliding scale. As a rough estimation (see blow), deposits of over 10btc are refunded less than 50%, deposits below 10btc are refunded greater than 50%. There has been no announcement yet regarding CoinLenders Deposits."
Total Amount Recovered
The total amount recovered has been estimated at $29,000 USD.
Ongoing Developments
What parts of this case are still remaining to be concluded?
General Prevention Policies
Funds should never be stored in a hot wallet unless needed to active withdrawals. All other funds should be stored in cold storage and protected through a multi-signature requirement. Hot wallets should be insureed through self-insurance or an industry insurance fund.
Individual Prevention Policies
No specific policies for individual prevention have yet been identified in this case.
When using any third party custodial platform (such as for trading), it is important to verify that the platform has a full backing of all assets, and that assets have been secured in a proper multi-signature wallet held by several trusted and trained individuals. If this can't be validated, then users should avoid using that platform. Unfortunately, most centralized platforms today still do not provide the level of transparency and third party validation which would be necessary to ensure that assets have been kept secure and properly backed. Therefore, the most effective strategy at present remains to learn proper self custody practices and avoid using any third party custodial platforms whenever possible.
For the full list of how to protect your funds as an individual, check our Prevention Policies for Individuals guide.
Platform Prevention Policies
Policies for platforms to take to prevent this situation have not yet been selected in this case.
All aspects of any platform should undergo a regular validation/inspection by experts. This validation should include a security audit of any smart contracts, reporting any risks to the backing (of any customer assets, ensuring treasuries or minting functions are properly secured under the control of a multi-signature wallet, and finding any inadequacies in the level of training or integrity of the team. The recommended interval is twice prior to launch or significant system upgrade, once after 3 months, and every 6 months thereafter. It is recommended that the third party performing the inspection not be repeated within a 14 month period.
All wallets, minting functions, and critical infrastructure should be implemented with a multi-signature requirement, with a recommended minimum of 3 signatures required. This means that making important changes or approving spending will require the keys held by at least 3 separate individuals within the organization to approve. The multi-signature should be implemented at the lowest layer possible, all key holders should have security training, and all key holders should be empowered and encouraged to exercise diligence.
For the full list of how to protect your funds as a financial service, check our Prevention Policies for Platforms guide.
Regulatory Prevention Policies
No specific regulatory policies have yet been identified in this case.
All platforms should undergo published security and risk assessments by independent third parties. Two assessments are required at founding or major upgrade, one after 3 months, and one every 6 months thereafter. The third parties must not repeat within the past 14 months. A risk assessment needs to include what assets back customer deposits and the risk of default from any third parties being lent to. The security assessment must include ensuring a proper multi-signature wallet, and that all signatories are properly trained. Assessments must be performed on social media, databases, and DNS security.
For the full list of regulatory policies that can prevent loss, check our Prevention Policies for Regulators guide.
References
- ↑ Inputs.io | Instant Payments, Offchain API, Secure Wallet, 235k+ BTC transferred - BitcoinTalk (Accessed Mar 14, 2022)
- ↑ Inputs.io | Instant Payments, Offchain API, Secure Wallet, 235k+ BTC transferred - BitcoinTalk (Accessed Mar 14, 2022)
- ↑ 3.0 3.1 How legit is Coinlenders.com? - Bitcoin Reddit (Accessed Mar 20, 2022)
- ↑ Inputs.io | Instant Payments, Offchain API, Secure Wallet, 235k+ BTC transferred - BitcoinTalk (Accessed Mar 15, 2022)
- ↑ CoinLenders Script :: Bitcoin Bank (Borrow+Deposit) Software :: Demo Available - BitcoinTalk (Accessed Mar 20, 2022)
- ↑ CoinLenders Script :: Bitcoin Bank (Borrow+Deposit) Software :: Demo Available - BitcoinTalk (Accessed Mar 20, 2022)
- ↑ CoinLenders Script :: Bitcoin Bank (Borrow+Deposit) Software :: Demo Available - BitcoinTalk (Accessed Mar 20, 2022)
- ↑ CoinLenders Script :: Bitcoin Bank (Borrow+Deposit) Software :: Demo Available - BitcoinTalk (Accessed Mar 20, 2022)
- ↑ CoinLenders Script :: Bitcoin Bank (Borrow+Deposit) Software :: Demo Available - BitcoinTalk (Accessed Mar 20, 2022)
- ↑ CoinLenders Script :: Bitcoin Bank (Borrow+Deposit) Software :: Demo Available - BitcoinTalk (Accessed Mar 20, 2022)
- ↑ Inputs.io | Instant Payments, Offchain API, Secure Wallet, 235k+ BTC transferred - BitcoinTalk (Accessed Mar 20, 2022)
- ↑ 12.0 12.1 12.2 12.3 12.4 12.5 12.6 12.7 12.8 12.9 CoinLenders, Inputs.io, Tradefortress (HACK) - BitcoinTalk (Accessed Mar 20, 2022)
- ↑ 13.0 13.1 CoinLenders Homepage Archive August 11th, 2013 6:23:40 AM MDT (Accessed Mar 20, 2022)
- ↑ 14.0 14.1 CoinLenders Homepage Archive December 19th, 2013 3:13:37 PM MST (Accessed Mar 20, 2022)
- ↑ 15.0 15.1 CoinLender Support Archive October 8th, 2013 9:43:59 AM MDT (Accessed Mar 20, 2022)
- ↑ Milkshake - "I am doing an investigation into TradeFortress, regarding possible scams, and I'm seeking transaction ID's of deposits/withdrawals from coinlenders. If you feel comfortable anonymously disclosing your transaction ID's or information related to any possible scams TradeFortress has commited, you can send it" - BitcoinTalk (Accessed October 21st, 2024)
- ↑ kopipe - "With the addition of this notice I pulled out the ~20BTC I had on CoinLenders for the past few days. It is not that I do not trust TradeFortress, but I do not want to keep my coins on a site that claims that they don't exist. This and the confusing change to "fee rebates" makes me think they might be having some legal trouble." - BitcoinTalk (Accessed October 21st, 2024)
- ↑ 18.0 18.1 TradeFortress - "Due to growing regulatory attention on Bitcoin, CoinLenders regrettably has decided to close it's service. As detailed on the site, everything was fictional." - BitcoinTalk (Accessed October 21st, 2024)
- ↑ TradeFortress - "CoinLenders has already closed down. What you see now is the fully functional demo. See the new thread if you are confused. There are no pending changes, all the changes have already been made." - BitcoinTalk (Accessed Oct 28, 2024)
- ↑ Transfer Of 4000.01263754 From Inputs.io to Attacker - Blockchain.com (Accessed Oct 28, 2024)
- ↑ Bitcoin Historic Price - Investing.com (Accessed Mar 15, 2022)