On Wednesday the 14th of November 2018 we were alerted to some questionable trades on the Doge-BTC market. A user had placed a buy order for just over 11 BTC worth of Dogecoin at a price of 100 sats, which is way above the current price. Said user then went on and bought mass amounts of x42 off the books, pumping the price.
Upon checking the bitcoin wallet we noticed it was empty, and we instantly locked down the user's account and suspended trading and withdrawals so we could investigate.
There was no breach of any of the wallet servers nor of the actual website server itself, and there were no injections on any open ports.
We have now learned, after speaking with security experts in the field, that there seems to be a vulnerability in the open-source exchange script we were using (OpenTrade) that allows a user to inject a false balance, which is what has happened here.
Checking through the logs, we can see the hacker credited themselves with 25 BTC into their account on our database end, then began placing these large orders hoping people would sell into his high-profit buys. We can also see he began by emptying the bitcoin wallet, then moved on to doge and x42; all other coins remain untouched and safe. The hacker made many small withdrawals over several minutes, at which point we stopped them mid-hack and managed to recover some funds before they withdrew them.
We were alerted by other users to huge sells of x42 coin over at Start-Ex, so we instantly reached out to them, and they worked with us to lock out the hacker's account and null their balances. Unfortunately, they had already withdrawn the BTC they gained from the selling of x42. Thanks to the speed and help of Start-Ex we also managed to recover some users' stolen x42 that the hacker hadn't managed to sell off in time, and we would like to thank Start-Ex for working with us as a community to limit the effect the hacker has caused.
After investigating all of the logs and balances here is what the hacker has taken:
864878 doge
2.785 BTC
61924 x42
21435 of that x42 was recovered with the help of Start-ex.
We also managed to recover:
249784 Dogecoin
9627.29907143 x42
before they could withdraw them from the exchange.
I know the hacker will have used fake details but here is the information we have on them:
Username: kondratlipski
Email: [email protected]
Off exchange BTC address coins were withdrawn to:
https://www.blockchain.com/btc/address/1B1dSfEABWvs9rb2ZYvuU3SkBKh5sELyTu
Off exchange Dogecoin address coins were withdrawn to:
https://dogechain.info/address/DDJWcffLV6x88Uk1eMhqArwrc45hoJ6SVg
As we said above, the other coins listed and other balances remained untouched.
Due to the vulnerability in the OpenTrade platform we have decided not to re-open the exchange for trading, and we have disabled automatic withdrawals to ensure no one can manipulate and steal any more balances.
We have removed all of the hacker's trades from the exchange and credited back balances of the coins you held, and we are inviting users of AltMarkets to request a refund of their balances via the ticket process.
We will shortly be re-enabling the ability to log in to the exchange so you can confirm your balances held on the exchange and request the return of the balances. Requests will be answered in strict order of receipt (oldest tickets answered first). If you open multiple tickets you are pushing yourself to the back of the line.
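A withdrawal gate that would catch the kind of false balance credit described above, shown as an added example and not code from AltMarkets or OpenTrade. The ledger schema, the account names and all amounts are constructed assumptions; the check recomputes each balance from deposit, trade and withdrawal records and refuses withdrawals for any user holding more than those records support.

```python
from collections import defaultdict
from decimal import Decimal

# Constructed sample data; the schema is hypothetical, not OpenTrade's.
# Ledger rows: (user, coin, kind, signed amount).
LEDGER = [
    ("alice", "BTC", "deposit", "0.5"),
    ("alice", "BTC", "withdrawal", "-0.15"),
    ("mallory", "BTC", "deposit", "0.001"),
    ("mallory", "BTC", "trade", "-1"),         # buys DOGE with BTC
    ("mallory", "DOGE", "trade", "1000000"),
]
# Stored balances as the trading engine sees them. mallory's BTC row was
# credited 25 BTC with no matching ledger entry.
BALANCES = {
    ("alice", "BTC"): "0.35",
    ("mallory", "BTC"): "24.001",
    ("mallory", "DOGE"): "1000000",
}

def ledger_totals(ledger):
    """Recompute what each (user, coin) balance should be from the ledger."""
    totals = defaultdict(Decimal)
    for user, coin, _kind, amount in ledger:
        totals[(user, coin)] += Decimal(amount)
    return totals

def unbacked_balances(balances, ledger):
    """Return {(user, coin): excess} where stored balance exceeds the ledger."""
    totals = ledger_totals(ledger)
    excess = {}
    for key, stored in balances.items():
        diff = Decimal(stored) - totals.get(key, Decimal(0))
        if diff > 0:
            excess[key] = diff
    return excess

def approve_withdrawal(user, coin, amount, balances, ledger):
    """Refuse if any coin of this user is unbacked, since a fake credit in
    one coin can be traded into a coin whose own ledger looks consistent."""
    if any(u == user for (u, _c) in unbacked_balances(balances, ledger)):
        return False
    stored = Decimal(balances.get((user, coin), "0"))
    return Decimal(0) < Decimal(amount) <= stored
```

The same reconciliation would also need to run before order placement, because orders funded by an unbacked balance move real coins from other users.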
Please open a ticket with the following information:
Altmarkets Username:
Email address used on the exchange:
Screenshot of all balances for each coin held, or copy and paste them one line at a time.
And a withdraw address for each coin you hold.
If you fail to submit the tickets in this format you will delay your refund.
Refunds will be processed from Thursday the 15th of November 2018 to Thursday the 22nd of November 2018, or sooner if all coins have been returned.
If you fail to get your refund request in by then we won't be able to refund you, so act fast.
You can submit tickets for refund here:
https://altmarkets.freshdesk.com/support/home
Login here to get your screenshots: https://altmarkets.cc/login