Pages:
Author

Topic: Cryptoine.com HACKED [race condition bug] [exchange closed] (Read 3389 times)

legendary
Activity: 1778
Merit: 1043
#Free market
The site is closed now, due their previous message:


....
2015-04-03 16:00 UTC
Please withdraw your coins, you should do it ASAP!

This website and all services will be unavailable after April 30 2015.

....

legendary
Activity: 1778
Merit: 1043
#Free market
Another news on their site:


2015-04-04 09:15 UTC
Users will receive 100% XMG refund. Thanks to joelao95 (@coinmagi) 14996 XMG donation.


2015-04-03 16:00 UTC
Please withdraw your coins, you should do it ASAP!

This website and all services will be unavailable after April 30 2015.


Here the coin status: https://cryptoine.com/currency/status

Too many hacks, and I hope now you will never keep your coin on an exchange (it is so risky).
legendary
Activity: 2772
Merit: 2846
How to make money:

1. Start a Bitcoin / shitcoin exchange

2. Let it run for a bit, pretend to be honest

3. Get "hacked"

Bonus points if only a portion are "stolen" in the hack and you can "return" some of them to make sure nobody tries to hunt you down and give you a proper beating.

I agree if it's a bigger exchange, but cryptoine only had 5-6 bitcoins hacked. It's a nice little payout for someone, but it's not a life changing amount. 100 bitcoins could make a difference to someone's life, but 5-6 bitcoins won't.
sr. member
Activity: 391
Merit: 250
How to make money:

1. Start a Bitcoin / shitcoin exchange

2. Let it run for a bit, pretend to be honest

3. Get "hacked"

Bonus points if only a portion are "stolen" in the hack and you can "return" some of them to make sure nobody tries to hunt you down and give you a proper beating.
legendary
Activity: 1778
Merit: 1043
#Free market
Another news on the site (added to the OP):

015-03-27 21:26 UTC

Users will receive a refund in the following amounts:

40% bitcoin,
40% litecoin,
90% urocoin,
65% dogecoin,
40% bitcoinscrypt,
82% magi,
40% darkcoin,
50% dogecoindark,
40% cannabis
100% of other coins (or equivalent in other cryptocurrency)
This applies to balances before attacker activity! (2015-03-24 03:15)



It seems they want to refund all the "customers" with a percentual (40% of bitcoin  Roll Eyes).
legendary
Activity: 1778
Merit: 1043
#Free market
Another update :

2015-03-26 08:36 UTC

We apologize everyone, and thank you all for your understanding.

Attacker acted in hours from 3:15 to 10:00 UTC.

Cryptoine database is reversed to 2015-03-24 03:08 UTC and frozen.

In response to many questions...

There was no break-in to the system
There was no leak of data
Wallet private keys are safe and not compromised
The attacker was not able to execute any external code
The bug has been located and fixed. However, the losses are irreversible. We plan to complete the activity of exchange.

We will enable withdrawals in April 2015.

It's sad to say goodbye to all crypto-community. We need to take a few months break. But we will back stronger and more experienced than ever before.
legendary
Activity: 1778
Merit: 1043
#Free market
Here some interesting articles :

Not even a month has passed since AllCrypt Bitcoin was taken down and another Altcoin exchange has been attacked by hackers. Cryptoine offers numerous markets that are generally absent from larger exchanges. Apparently, it has stopped operating due to a hack attack. Operators of Cryptoine have promised to reveal details but no specific time or date has been declared as of now.


https://www.hackread.com/bitcoin-altcoin-exchange-cryptoine-gets-hacked/


Another altcoin exchange has been hacked, not even a month after AllCrypt went down. Cryptoine, which offers a number of markets not available at larger exchanges, is down as of this morning, claiming a hack. The operators have promised to be forthcoming with details at an unspecified time and date.
....
Multi-Signature Withdrawals More Necessary Than Ever

This attack, along with other recent attacks such as the one on the Chinese exchange Bter, co-incides with wide-ranging calls in the community for broader implementation of multi-signature security. There is a lot of suspicion that exchanges are not implementing such because in most cases these supposed “hacks” are in fact inside jobs not unlike Ponzi schemes where the owners make off with the funds once there is a sufficient amount.

https://www.cryptocoinsnews.com/bitcoin-altcoin-exchange-cryptoine-hacked/
hero member
Activity: 714
Merit: 500
Our hot wallets was drained
...
We had wallets in the ratio 60%/40% (hot/cold).
...
1HF3WND3pG9VEW6Kt7Qj33LoCqVbFpHp2n    0.1             bitcoin       46.98.75.23    2015-03-24 08:20:04.507378
1Dwoam5EXn6g1NuAK8moEd5cpDvUFcqvPi    0.5             bitcoin       46.98.33.104    2015-03-24 04:31:50.770491
1Dwoam5EXn6g1NuAK8moEd5cpDvUFcqvPi    0.5             bitcoin       46.98.33.104    2015-03-24 04:28:40.170138
1Dwoam5EXn6g1NuAK8moEd5cpDvUFcqvPi    1               bitcoin       46.98.33.104    2015-03-24 04:27:57.658323
1Dwoam5EXn6g1NuAK8moEd5cpDvUFcqvPi    1               bitcoin       46.98.33.104    2015-03-24 04:23:13.164357
1Dwoam5EXn6g1NuAK8moEd5cpDvUFcqvPi    1               bitcoin       46.98.33.104    2015-03-24 04:21:27.592489
1Dwoam5EXn6g1NuAK8moEd5cpDvUFcqvPi    1               bitcoin       46.98.33.104    2015-03-24 04:18:45.405848
1Dwoam5EXn6g1NuAK8moEd5cpDvUFcqvPi    0.5             bitcoin       46.98.33.104    2015-03-24 04:16:58.138757

Is that it? 5.6 btc is what they had on hot wallet and that was 60% of everything they had?


its not a popular exchange site, so its not that shocking why they got only few coins in their wallets and the good news is they were drained for a small amount..

5-6 bitcoins is a lot of 'money' for a small - medium exchange like Cryptoine.com ; they should improve their security (I have already lost a couple of bitcoin on bter and I was lucky because I didn't keep btc or others altcoin on cryptoine). Never keep money on an exchange, deposit >> change >> withdraw in less then 10 minutes.
hero member
Activity: 602
Merit: 500
Our hot wallets was drained
...
We had wallets in the ratio 60%/40% (hot/cold).
...
1HF3WND3pG9VEW6Kt7Qj33LoCqVbFpHp2n    0.1             bitcoin       46.98.75.23    2015-03-24 08:20:04.507378
1Dwoam5EXn6g1NuAK8moEd5cpDvUFcqvPi    0.5             bitcoin       46.98.33.104    2015-03-24 04:31:50.770491
1Dwoam5EXn6g1NuAK8moEd5cpDvUFcqvPi    0.5             bitcoin       46.98.33.104    2015-03-24 04:28:40.170138
1Dwoam5EXn6g1NuAK8moEd5cpDvUFcqvPi    1               bitcoin       46.98.33.104    2015-03-24 04:27:57.658323
1Dwoam5EXn6g1NuAK8moEd5cpDvUFcqvPi    1               bitcoin       46.98.33.104    2015-03-24 04:23:13.164357
1Dwoam5EXn6g1NuAK8moEd5cpDvUFcqvPi    1               bitcoin       46.98.33.104    2015-03-24 04:21:27.592489
1Dwoam5EXn6g1NuAK8moEd5cpDvUFcqvPi    1               bitcoin       46.98.33.104    2015-03-24 04:18:45.405848
1Dwoam5EXn6g1NuAK8moEd5cpDvUFcqvPi    0.5             bitcoin       46.98.33.104    2015-03-24 04:16:58.138757

Is that it? 5.6 btc is what they had on hot wallet and that was 60% of everything they had?


its not a popular exchange site, so its not that shocking why they got only few coins in their wallets and the good news is they were drained for a small amount..
hero member
Activity: 896
Merit: 1000
Our hot wallets was drained
...
We had wallets in the ratio 60%/40% (hot/cold).
...
1HF3WND3pG9VEW6Kt7Qj33LoCqVbFpHp2n    0.1             bitcoin       46.98.75.23    2015-03-24 08:20:04.507378
1Dwoam5EXn6g1NuAK8moEd5cpDvUFcqvPi    0.5             bitcoin       46.98.33.104    2015-03-24 04:31:50.770491
1Dwoam5EXn6g1NuAK8moEd5cpDvUFcqvPi    0.5             bitcoin       46.98.33.104    2015-03-24 04:28:40.170138
1Dwoam5EXn6g1NuAK8moEd5cpDvUFcqvPi    1               bitcoin       46.98.33.104    2015-03-24 04:27:57.658323
1Dwoam5EXn6g1NuAK8moEd5cpDvUFcqvPi    1               bitcoin       46.98.33.104    2015-03-24 04:23:13.164357
1Dwoam5EXn6g1NuAK8moEd5cpDvUFcqvPi    1               bitcoin       46.98.33.104    2015-03-24 04:21:27.592489
1Dwoam5EXn6g1NuAK8moEd5cpDvUFcqvPi    1               bitcoin       46.98.33.104    2015-03-24 04:18:45.405848
1Dwoam5EXn6g1NuAK8moEd5cpDvUFcqvPi    0.5             bitcoin       46.98.33.104    2015-03-24 04:16:58.138757

Is that it? 5.6 btc is what they had on hot wallet and that was 60% of everything they had?
sr. member
Activity: 756
Merit: 250
Infleum
The amount lost wasnt so big, wondering why this guy stole some low value coins like dogedark, the damage done seem to be less than ~15 BTC the "hacker" was indeed smart enough to gather this by using exploit from the site

And in "speculation" people are giving this as one of the reasons of todays crash. Really? Most of us (bitcointalk users) have more coins in our personal wallets.
Remember people, next time you want to influence the price of Bitcoin start your own exchange and then call some news sites to let them know you were hacked. Especially Coindesk, they just love to make a fuss.
legendary
Activity: 2562
Merit: 1414
News :

2015-03-24 19:45 UTC

Our hot wallets was drained, coins: bitcoin, litecoin, urocoin, dogecoin, bitcoinscrypt, magi, darkcoin, dogecoindark, cannabis

All coins that we have, will be returned to users. Coins stolen - in correspondingly smaller quantities.

We had wallets in the ratio 60%/40% (hot/cold).

withdrawals made by hacker:

address                                 amount          coin          ip                date
LN6Y9Etr5B1p6A7DdkUGUef9U4tV1NajYa    500             litecoin      46.98.75.23    2015-03-24 09:00:22.886758
LN6Y9Etr5B1p6A7DdkUGUef9U4tV1NajYa    24.99746504     litecoin      46.98.75.23    2015-03-24 08:28:21.178608
1HF3WND3pG9VEW6Kt7Qj33LoCqVbFpHp2n    0.1             bitcoin       46.98.75.23    2015-03-24 08:20:04.507378
LN6Y9Etr5B1p6A7DdkUGUef9U4tV1NajYa    7.94331864      litecoin      46.98.75.23    2015-03-24 08:06:02.539477
Um2fYEPJ9uVnC31bxaFWBD7PmrzhgUNE2D    16.89396348     urocoin       46.98.75.23    2015-03-24 08:04:50.16697
DHXBCX6qsayWYdTw9DygE5pmBfaQG9TxUk    36661.31739499  dogecoin      46.98.78.245    2015-03-24 07:16:00.387179
1NuEdUhdwVsuFg2noqpNjcpBamEJMYXHUv    2999.99943972   bitcoinscrypt 46.98.78.245    2015-03-24 07:02:02.404771
DHXBCX6qsayWYdTw9DygE5pmBfaQG9TxUk    32265.60946069  dogecoin      46.98.78.245    2015-03-24 05:40:55.727633
99grxHJ2cMAZpbtqbNaTbcpnNjxQ2XoGs8    14996.31229316  magi          46.98.78.245    2015-03-24 05:33:57.490186
Xe6duo43m3xWb2Hw3CFVo3EJJ56m29L5kg    15.44527325     darkcoin      46.98.78.245    2015-03-24 05:25:27.019065
D5AuHhndAvFARTJ9MJ8qJkJgC1iHGNVy42    219999.99997229 dogecoindark  46.98.78.245    2015-03-24 05:24:15.654911
CbtR69smzynN1MfTZXmWje9Ay8VgeWgfxz    2156.27062232   cannabis      46.98.78.245    2015-03-24 05:21:52.423902
1NuEdUhdwVsuFg2noqpNjcpBamEJMYXHUv    8459.64676958   bitcoinscrypt 46.98.78.245    2015-03-24 05:19:37.350262
DHXBCX6qsayWYdTw9DygE5pmBfaQG9TxUk    265334.39030659 dogecoin      46.98.78.245    2015-03-24 05:10:24.015617
LN6Y9Etr5B1p6A7DdkUGUef9U4tV1NajYa    2.16209537      litecoin      46.98.33.104    2015-03-24 04:34:30.514059
1Dwoam5EXn6g1NuAK8moEd5cpDvUFcqvPi    0.5             bitcoin       46.98.33.104    2015-03-24 04:31:50.770491
1Dwoam5EXn6g1NuAK8moEd5cpDvUFcqvPi    0.5             bitcoin       46.98.33.104    2015-03-24 04:28:40.170138
1Dwoam5EXn6g1NuAK8moEd5cpDvUFcqvPi    1               bitcoin       46.98.33.104    2015-03-24 04:27:57.658323
1Dwoam5EXn6g1NuAK8moEd5cpDvUFcqvPi    1               bitcoin       46.98.33.104    2015-03-24 04:23:13.164357
1Dwoam5EXn6g1NuAK8moEd5cpDvUFcqvPi    1               bitcoin       46.98.33.104    2015-03-24 04:21:27.592489
1Dwoam5EXn6g1NuAK8moEd5cpDvUFcqvPi    1               bitcoin       46.98.33.104    2015-03-24 04:18:45.405848
1Dwoam5EXn6g1NuAK8moEd5cpDvUFcqvPi    0.5             bitcoin       46.98.33.104    2015-03-24 04:16:58.138757
DGbs2YfkN5n5sALDdZmSRpdPa5mVtW5HQX    6               dogecoin      46.98.33.104    2015-03-24 03:29:29.110043
Registered to e-mail addresses: [email protected], [email protected], [email protected]



The amount lost wasnt so big, wondering why this guy stole some low value coins like dogedark, the damage done seem to be less than ~15 BTC the "hacker" was indeed smart enough to gather this by using exploit from the site
sr. member
Activity: 348
Merit: 250
Looking at that list I can see it's a much lower volume exchange than I thought. I feel sorry for all the customers who lost something there but at least they didn't lose the kind of money some Bter customers lost.
legendary
Activity: 1778
Merit: 1043
#Free market
News :

2015-03-24 19:45 UTC

Our hot wallets was drained, coins: bitcoin, litecoin, urocoin, dogecoin, bitcoinscrypt, magi, darkcoin, dogecoindark, cannabis

All coins that we have, will be returned to users. Coins stolen - in correspondingly smaller quantities.

We had wallets in the ratio 60%/40% (hot/cold).

withdrawals made by hacker:

address                                 amount          coin          ip                date
LN6Y9Etr5B1p6A7DdkUGUef9U4tV1NajYa    500             litecoin      46.98.75.23    2015-03-24 09:00:22.886758
LN6Y9Etr5B1p6A7DdkUGUef9U4tV1NajYa    24.99746504     litecoin      46.98.75.23    2015-03-24 08:28:21.178608
1HF3WND3pG9VEW6Kt7Qj33LoCqVbFpHp2n    0.1             bitcoin       46.98.75.23    2015-03-24 08:20:04.507378
LN6Y9Etr5B1p6A7DdkUGUef9U4tV1NajYa    7.94331864      litecoin      46.98.75.23    2015-03-24 08:06:02.539477
Um2fYEPJ9uVnC31bxaFWBD7PmrzhgUNE2D    16.89396348     urocoin       46.98.75.23    2015-03-24 08:04:50.16697
DHXBCX6qsayWYdTw9DygE5pmBfaQG9TxUk    36661.31739499  dogecoin      46.98.78.245    2015-03-24 07:16:00.387179
1NuEdUhdwVsuFg2noqpNjcpBamEJMYXHUv    2999.99943972   bitcoinscrypt 46.98.78.245    2015-03-24 07:02:02.404771
DHXBCX6qsayWYdTw9DygE5pmBfaQG9TxUk    32265.60946069  dogecoin      46.98.78.245    2015-03-24 05:40:55.727633
99grxHJ2cMAZpbtqbNaTbcpnNjxQ2XoGs8    14996.31229316  magi          46.98.78.245    2015-03-24 05:33:57.490186
Xe6duo43m3xWb2Hw3CFVo3EJJ56m29L5kg    15.44527325     darkcoin      46.98.78.245    2015-03-24 05:25:27.019065
D5AuHhndAvFARTJ9MJ8qJkJgC1iHGNVy42    219999.99997229 dogecoindark  46.98.78.245    2015-03-24 05:24:15.654911
CbtR69smzynN1MfTZXmWje9Ay8VgeWgfxz    2156.27062232   cannabis      46.98.78.245    2015-03-24 05:21:52.423902
1NuEdUhdwVsuFg2noqpNjcpBamEJMYXHUv    8459.64676958   bitcoinscrypt 46.98.78.245    2015-03-24 05:19:37.350262
DHXBCX6qsayWYdTw9DygE5pmBfaQG9TxUk    265334.39030659 dogecoin      46.98.78.245    2015-03-24 05:10:24.015617
LN6Y9Etr5B1p6A7DdkUGUef9U4tV1NajYa    2.16209537      litecoin      46.98.33.104    2015-03-24 04:34:30.514059
1Dwoam5EXn6g1NuAK8moEd5cpDvUFcqvPi    0.5             bitcoin       46.98.33.104    2015-03-24 04:31:50.770491
1Dwoam5EXn6g1NuAK8moEd5cpDvUFcqvPi    0.5             bitcoin       46.98.33.104    2015-03-24 04:28:40.170138
1Dwoam5EXn6g1NuAK8moEd5cpDvUFcqvPi    1               bitcoin       46.98.33.104    2015-03-24 04:27:57.658323
1Dwoam5EXn6g1NuAK8moEd5cpDvUFcqvPi    1               bitcoin       46.98.33.104    2015-03-24 04:23:13.164357
1Dwoam5EXn6g1NuAK8moEd5cpDvUFcqvPi    1               bitcoin       46.98.33.104    2015-03-24 04:21:27.592489
1Dwoam5EXn6g1NuAK8moEd5cpDvUFcqvPi    1               bitcoin       46.98.33.104    2015-03-24 04:18:45.405848
1Dwoam5EXn6g1NuAK8moEd5cpDvUFcqvPi    0.5             bitcoin       46.98.33.104    2015-03-24 04:16:58.138757
DGbs2YfkN5n5sALDdZmSRpdPa5mVtW5HQX    6               dogecoin      46.98.33.104    2015-03-24 03:29:29.110043
Registered to e-mail addresses: [email protected], [email protected], [email protected]
sr. member
Activity: 756
Merit: 250
Infleum
You know what is funny? From time to time I read random news like this about an exchange being hacked and in most cases it's the first time I even see its name. Maybe i'm a complete noob and have been living under a rock for the whole year, but honestly I could pull at least 10 names of big exchanges out of my mind at any moment (and know at least another 10) and never ever have I heard the name Cryptoine. It seems this one is getting more popularity after death than it did during its life, just like some musicians who committed suicide. Wink
sr. member
Activity: 348
Merit: 250
Feel like alot of sites have been hacked recently, first it was lendo then evolution now this  Shocked

Evolution was not exactly hacked, the administrator shut it down and stole everyone's coins. When Bter got "hacked" there were suspicions it was an inside job, but nobody can prove if t was or wasn't. Evolution was definitely an inside job.

Do you think that also Cryptoine 'hack' was an inside job? I can't find their cold wallet address maybe someone of you knows it.

I can't guess whether it was an inside job or not. They claim someone figured out how to make his account appear to hold more coins than it contained. When Poloniex was hacked they said the same thing, and so did Justcoin. They all gave different bugs responsible for their hacks, but at the end of the day we had to take their word for it, whether we believed it or not.
legendary
Activity: 2562
Merit: 1414
this is not likely "hacked" as I read it

this is like using an exploit to get a false balance

Quote
The hacker found some race condition bug in our trading engine. Manipulation of orders gave him false balances.

This is a new case, The person was smart enough to know that there is an exploit and thus giving him a false balance and im sure he managed to withdraw quite the amount there, wonder if this is actually an inside job from the owner in attempt to stole everyone's coins
legendary
Activity: 2576
Merit: 1073
From Mark Twain's "The Adventures of Huckleberry Finn" (1885):

Quote
““Yes. You know that one-laigged nigger dat b’longs to old Misto Bradish? Well, he sot up a bank, en say anybody dat put in a dollar would git fo’ dollars mo’ at de en’ er de year. Well, all de niggers went in, but dey didn’t have much. I wuz de on’y one dat had much. So I stuck out for mo’ dan fo’ dollars, en I said ’f I didn’ git it I’d start a bank mysef. Well, o’ course dat nigger want’ to keep me out er de business, bekase he says dey warn’t business ’nough for two banks, so he say I could put in my five dollars en he pay me thirty-five at de en’ er de year.
“So I done it. Den I reck’n’d I’d inves’ de thirty-five dollars right off en keep things a-movin’. Dey wuz a nigger name’ Bob, dat had ketched a wood-flat, en his marster didn’ know it; en I bought it off’n him en told him to take de thirty-five dollars when de en’ er de year come; but somebody stole de wood-flat dat night, en nex day de one-laigged nigger say de bank’s busted. So dey didn’ none uv us git no money.”

This is what I remember when I listen such news about hacked exchanges lately...  Roll Eyes. Open a bank it the morning, get the money in during the day, then tell everybody next day the bank's busted... Thats it, clean and simple. Not stating every single case is like that, but I suspect the majority is. They should call a police and let them start investigation, otherwise I am sure this is an inside job (may be planned from beginning or not). That's very convenient way to close an unprofitable business...
legendary
Activity: 1246
Merit: 1000
103 days, 21 hours and 10 minutes.
Seems like every other day another exchange gets hacked.

hero member
Activity: 714
Merit: 500
Feel like alot of sites have been hacked recently, first it was lendo then evolution now this  Shocked

Evolution was not exactly hacked, the administrator shut it down and stole everyone's coins. When Bter got "hacked" there were suspicions it was an inside job, but nobody can prove if t was or wasn't. Evolution was definitely an inside job.

Do you think that also Cryptoine 'hack' was an inside job? I can't find their cold wallet address maybe someone of you knows it.
Pages:
Jump to: