[2018-10-29] Minor Crypto Exchange Pulls Off Exit Scam, Steals All User Funds

Documan

newbie

Activity: 60

Merit: 0

Quote from: snipie on October 30, 2018, 02:22:30 AM

Better to use a trusted exchange with known staff members or at least having real names and locations.
This exchange is scamming users, or else why would it shut down every possible contact with it?
The "hack" story will never end apparently.

I use the Bitfinex and Poloniex, they are quite reliable. They have returned the stolen funds.

Kemarit

legendary

Activity: 3080

Merit: 1353

Quote from: stompix on November 06, 2018, 05:51:17 AM

Quote from: Kemarit on November 05, 2018, 05:19:02 PM

For those who wanted to see the post-mortem:

https://pastebin.com/PZD3Qb35

They used a open source called Peatio. (https://github.com/peatio/peatio). But it seems the hacker knows how to exploit a bug on the application itself.

Quote

~

This is another lessons learned for other exchanges to do some internal audit specially if they are using open-source. They already admitted that they're not refunding any BTC or LTC so its another lost for our crypto traders here.

This doesn't eliminate the possibility of an exit hack.
They've could have done this themselves knowing the exploit and blame it on some "hacker".

Unfortunately, I can see a new trend growing here, small exchanges doing some upgrades they now are faulty without bug fixes and then hacking themselves exactly at the right time.

I don't buy this hacker story, when you get hacked you don't start deleting LinkedIn profiles and bitcointalk posts, it's pretty clear that for a moment at least they've tried to run away and erase all traces, probably they've decided against it once they've realized they left behind too much info and tracking them would be a piece of cake.

Of course we can't discounted the fact that it could be very well a 'inside job'. Easy money for them, just blame some hackers for pulling the stunt and they're off the hook. But its hard to prove unless there's someone who 'rats out' and exposed them.

@Betwrong - you could be right, but if traders would just used their common sense, just trade their shitcoins on that shitty exchange and get out. No need to keep their funds because this kind of fly-by-night exchanges are not to be trusted. But it too late already, and now they're paying the price for this stupidity.

Betwrong

legendary

Activity: 3374

Merit: 2198

I stand with Ukraine.

Quote from: stompix on November 06, 2018, 11:26:56 AM

Quote from: gentlemand on November 06, 2018, 09:06:29 AM

Where do people find exchanges like this? Why do they choose to trust them?

I could understand someone dabbling with a totally unknown quantity in 2011 when everything was crap. In this day and age it makes no sense

~
- start adding pairs of shady tokens that have never hit another exchange and make sure to advertise this on their ann thread
~

I think this is the main reason why people find exchanges like this. Right now, for example, many people are looking for a way to trade Oyster (PRL) tokens, and some of them would definitely fall for a scam site where PRL/BTC, PRL/ETH or other similar pairs are being "traded".

Other reasons may include terms which are more favorable for customers, like no KYC/AML, lower withdrawal fees, higher rates for the coins they want to sell etc.. People who fall for that think they are smarter than others, and consequently they pay the price.

veleten

legendary

Activity: 2016

Merit: 1106

Quote from: gentlemand on November 06, 2018, 09:06:29 AM

Where do people find exchanges like this? Why do they choose to trust them?

I could understand someone dabbling with a totally unknown quantity in 2011 when everything was crap. In this day and age it makes no sense

no idea, really why would one search troubles for his hiney is beyond me
not that the big ones won't scam you, but at least the chances are way lower
plus some of the smaller exchanges do not even have enough pairs or offer low fee
think it is just good old human laziness, you find one exchange and then do not bother to look for other options

stompix

legendary

Activity: 2912

Merit: 6403

Blackjack.fun

Quote from: gentlemand on November 06, 2018, 09:06:29 AM

Where do people find exchanges like this? Why do they choose to trust them?

I could understand someone dabbling with a totally unknown quantity in 2011 when everything was crap. In this day and age it makes no sense

I was asking myself the same about websites selling miners back in the December boom, how do people manage to find those websites nobody has ever heard of them, just a few days after they've registered the domain and trust them with money.

In the case of exchanges, I have a theory as I've seen how some new ones are fishing for clients
-open the exchange, add the well-known pairs, inflate the volume by trading between your own bots so people won't say your website is deserted
- start adding pairs of shady tokens that have never hit another exchange and make sure to advertise this on their ann thread
- launch by yourself a few tokens that will only be tradable on your exchange in the first place
- at this point, you have gathered enough customers to make it like look like a real exchange, wait patiently till the clients start leaving real coins like btc or eth on it...
- get hacked

gentlemand

legendary

Activity: 2590

Merit: 3014

Welt Am Draht

Where do people find exchanges like this? Why do they choose to trust them?

I could understand someone dabbling with a totally unknown quantity in 2011 when everything was crap. In this day and age it makes no sense

Betwrong

legendary

Activity: 3374

Merit: 2198

I stand with Ukraine.

Quote from: stompix on November 06, 2018, 05:51:17 AM

~
Unfortunately, I can see a new trend growing here, small exchanges doing some upgrades they now are faulty without bug fixes and then hacking themselves exactly at the right time.

I don't buy this hacker story, when you get hacked you don't start deleting LinkedIn profiles and bitcointalk posts, it's pretty clear that for a moment at least they've tried to run away and erase all traces, probably they've decided against it once they've realized they left behind too much info and tracking them would be a piece of cake.

Me neither. If people lost their money because of their trust in your product, MapleChange exchange in this case, you should be open to the fullest with them. You should spend all of your time replying to the victims, cooperating with them in order to find the hackers together etc. You should report the hack to the police and keep your clients updated every day on the course of the investigation. It looks like these guys were trying to do exactly the opposite. But they will hardly succeed in evading responsibility for their actions.

Here's the link to maybe a bit controversial but still a good detective work on the subject:

https://steemit.com/cryptocurrency/@thinkexclamation/maplechange-a-tale-of-theft-by-two-romanian-brothers

stompix

legendary

Activity: 2912

Merit: 6403

Blackjack.fun

Quote from: Kemarit on November 05, 2018, 05:19:02 PM

For those who wanted to see the post-mortem:

https://pastebin.com/PZD3Qb35

They used a open source called Peatio. (https://github.com/peatio/peatio). But it seems the hacker knows how to exploit a bug on the application itself.

Quote

~

This is another lessons learned for other exchanges to do some internal audit specially if they are using open-source. They already admitted that they're not refunding any BTC or LTC so its another lost for our crypto traders here.

This doesn't eliminate the possibility of an exit hack.
They've could have done this themselves knowing the exploit and blame it on some "hacker".

Unfortunately, I can see a new trend growing here, small exchanges doing some upgrades they now are faulty without bug fixes and then hacking themselves exactly at the right time.

I don't buy this hacker story, when you get hacked you don't start deleting LinkedIn profiles and bitcointalk posts, it's pretty clear that for a moment at least they've tried to run away and erase all traces, probably they've decided against it once they've realized they left behind too much info and tracking them would be a piece of cake.

Kemarit

legendary

Activity: 3080

Merit: 1353

For those who wanted to see the post-mortem:

https://pastebin.com/PZD3Qb35

They used a open source called Peatio. (https://github.com/peatio/peatio). But it seems the hacker knows how to exploit a bug on the application itself.

Quote

The method `unlock_and_sub_funds` has proper conditionals, immediately raising exceptions if the sub amount goes below the balance of the user. In this case, even if the malformed/exploited order did get processed, it would stop here, properly throwing an error in our logs and allowing us to properly investigate. However, the perpetuators knew exactly how this code would run, and as a result abused it using a series of accounts, as you notice in order.rb (https://github.com/peatio/peatio/blob/6fe7e960a12c40053370cb25cdd0968b67041aa0/app/models/order.rb), the call `strike` both calls `hold_account.unlock_and_sub_funds` (removing funds from one account) and adding it onto `expect_account`. If properly executed, this exploit could continue to subtract funds from one account and add onto the other one with no limitations. This is primarily the cause of the bug.

In our version of the code, we have noticed something strikingly bizarre. The conditionals in `account.rb`'s `unlock_and_sub_funds` were completely commented out. Considering our code is base off of Graviex, this is by far the best proof we can provide, the code hasn't been touched for months and we have done little to no work on the ordering system -> https://github.com/gravio-net/graviex/blob/master/app/models/account.rb (line 82).

This is another lessons learned for other exchanges to do some internal audit specially if they are using open-source. They already admitted that they're not refunding any BTC or LTC so its another lost for our crypto traders here.

veleten

legendary

Activity: 2016

Merit: 1106

the good old hack story , I thought the times when the sites would just close
citing a hacker's attack or DDOS and run with the user's money are gone, seems like the answer is a no
small exchanges ,usually, cannot afford good security , its true , but in this case it sounds like an exit scam indeed
they won't be able to refund their customers anyway since even if they somehow , magically reopen, you would have to be a retard to
trust your money to them again, so yeah stay away from small exchanges and do not trust the big ones either
its a pain in the neck to withdraw your funds back and forth, but its better than to lose them all one beautiful day

milewilda

legendary

Activity: 3094

Merit: 1127

Im not really closing the doors on using up new exchange but we should really be careful on selecting which one would be used having a known team behind and dont sees any shady stuff
but most of the time with just basing or using up our own common sense will tell us on what we should gonna use. Always opt in on using olders and reputable exchangers rather than on
non so popular small volume exchangers because tendency of hacking incident would be there either fully accident or just a classical exit scam. This cycle would continue on eternity.

1BTC EQUALS 1CAR

full member

Activity: 602

Merit: 100

I knew that my decision was right on not trusting small time exchanges. They are always have the highest risk on claiming that they got hacked. It's very easy for them to do that unlike big exchanges that has a lot of prominent investors that will hunt them down and that's what keep the exchange to be reliable and implement tighter security.

hatshepsut93

legendary

Activity: 3024

Merit: 2148

Quote from: Rahar02 on October 29, 2018, 07:51:58 PM

A negative side of an exchange with all of the suspicious behavior. Once again, an exchange is not a place to keep funds or coins for a long time, just assume we don't have anything before withdraw. Propel should aware of such things, especially when dealing with the small unregulated exchange.
MapleChange had announced on twitter that they have no more funds to pay anyone back.” Seems like they put all of the coins in hot wallet, lol. If Maplechange have planned exit scam, they may have fled abroad.

It's not as simple as that, usually those who hold big sums on exchanges are traders, they hold money on orders and thus provide liquidity. If no one kept their coins on exchange, we would have far greater volatility and maybe even far lower price. This is why decentralized exchanges are important - they can solve the problem with security and centralization of the market.

buwaytress

legendary

Activity: 2912

Merit: 3603

Join the world-leading crypto sportsbook NOW!

Quote from: snipie on October 30, 2018, 02:22:30 AM

Better to use a trusted exchange with known staff members or at least having real names and locations.
This exchange is scamming users, or else why would it shut down every possible contact with it?
The "hack" story will never end apparently.

Trust me (heh). All the licensing, all the recognisable and known staff members, all the real names and locations won't stop neither hacks nor exit scams, should they happen. Ask Mt Gox users, who trusted everything in it and its owners. Ask people who've been scammed on this forum, by trusted and legendary members. I of course risk my coins with trusted people, for some opportunities, but I'd never give everything I owned to anyone, not the Pope, not even God. Because shit happens when shit happens, and you've got no recourse if you don't control your coin.

stompix

legendary

Activity: 2912

Merit: 6403

Blackjack.fun

Quote from: darkangel11 on October 30, 2018, 02:20:10 PM

It's not going to be difficult to find him since he has his face all over the Internet.
https://medium.com/@gladpoenaru
He's not a smart criminal. What was once in the Internet is almost impossible to erase and such childish attempts to delete the site and staff profiles won't make him disappear.

Hmm, I thought the name sounds strange, seems to be a Romanian name, as a lot of people from Romania with this family name come up in a facebook search. Was he even Canadian or actually living in Canada in the first place?

Quote from: Kemarit on October 30, 2018, 01:27:38 AM

LOL, Even their ANN thread was put into Archival Section ,(https://bitcointalksearch.org/topic/al-4366622) last edited Oct 29.

Somebody calls him Flavius there, again a name used in Romania and he has made at least a translation in Romanian:
https://bitcointalksearch.org/topic/m.32530414
Linkedin page is gone also.

Anyhow quite the twist, just yesterday I was reading this:
Hacked Canadian Bitcoin Exchange MapleChange Returns to Twitter, Opens Refund Chat Room
https://finance.yahoo.com/news/hacked-canadian-bitcoin-exchange-maplechange-211556479.html

BitHodler

legendary

Activity: 1526

Merit: 1179

Quote from: snipie on October 30, 2018, 02:22:30 AM

The "hack" story will never end apparently.

Of course not. It's too easy to blame hackers for theft with how ignorant most authorities are when it comes to proper blockchain analysis. It may sound harsh, but this is the risk that comes with using exchanges like this.

Collateral damage it is called.

Quote from: Betwrong on October 31, 2018, 05:57:33 AM

Users would never suffer from "hacks", which in most cases are just vulgar stealing performed by someone from the staff, and all the troubles associated with theft would be internal matters.

Correct. People here tend to forget that most of the operators running these smaller exchanges aren't used to deal with so much easy to access value. It results in situations where they get tempted to run off with user funds.

They have no clue about how they can make more money in the long term by running their exchange in a fair manner. All they care about is that they want a lot money as fast as possible. It's retarded.

Betwrong

legendary

Activity: 3374

Merit: 2198

I stand with Ukraine.

It's probably a good idea to rank exchanges by amount held in cold wallets, like Changpeng Zhao, the CEO of Binance, proposed. If people were using only those exchanges with enough money in cold wallets to cope with any hack there would be no such problems. Users would never suffer from "hacks", which in most cases are just vulgar stealing performed by someone from the staff, and all the troubles associated with theft would be internal matters.

darkangel11

legendary

Activity: 2296

Merit: 1335

Don't let others control your BTC -> self custody

It's not going to be difficult to find him since he has his face all over the Internet.
https://medium.com/@gladpoenaru
He's not a smart criminal. What was once in the Internet is almost impossible to erase and such childish attempts to delete the site and staff profiles won't make him disappear.

At this time, it remains unclear if Poenaru is wholly responsible for the operation but if he is, Maplechang’ed firmly stated that the group will initiate legal action against the individual.

If he's not responsible for the hack he surely is responsible for trying to cover up and avoid responsibility. The site was and social media accounts belonged to him.

shamc

copper member

Activity: 336

Merit: 1

Never heard of this maple exchange, I bet they aren't even Canadian but just used a Canadian host and virtual office. Stick to reputable exchanges, and keep the majority of your coins safe

snipie

legendary

Activity: 3178

Merit: 1140

#SWGT CERTIK Audited

Better to use a trusted exchange with known staff members or at least having real names and locations.
This exchange is scamming users, or else why would it shut down every possible contact with it?
The "hack" story will never end apparently.

Topic: [2018-10-29] Minor Crypto Exchange Pulls Off Exit Scam, Steals All User Funds (Read 447 times)