Topic: EXMO hacked: Losses 5% of total assets (Read 230 times)

I doubt that they'd be able to cover it all upfront if people pulled out their money all at once. That is just my speculation though and may not reflect reality.

These semi-regulated/unregulated exchanges have virtually no capital requirements and are subject to no audits, which is the scary part.

Sure, if they keep operating and the fees keep rolling in they could eventually break even and get themselves out of a position of insolvency. But even then, 5% is no small amount - as you said, it is 1/3 of the daily turnover and I'd assume there is a lot of staff to pay too.

I agree this is probably what is happening. It is highly unlikely that EXMO had profits exceeding 6% of all their deposits just sitting around in cold storage doing nothing which they could use to immediately cover this hack. It is good that they have said no customer will lose out because of this, but like other exchanges which have been hacked in the past, they are now banking (pun intended ) on the fact that the majority of their customers will either not realize they have been hacked or not realize the implications of the hack, and leave their coins on the exchange. They need to keep operating long enough to be able to recoup these losses, but every existing and future customer is gambling with every deposit they make to EXMO.

This only works if the majority of their customers don't try to withdraw their coins. If everyone tried to withdraw, the people who are last in the queue would get nothing. It is essentially a fractional reserve. Wise users will withdraw all their coins immediately.

If they manage the process intelligently, even if more than 10% has been breached, users will not notice this as it is possible to withdraw from the wallet safely. Therefore, if they have liquidity, they will deposit it in hot wallets in order to ensure that there is no panic and random withdrawal of balances.

EXMO is unknown exchange and the reason for the hack may be an old employee or a tax evasion attempt

I never used EXMO exchange but anything can be hacked and the bigger something is the bigger hack will be, but maybe it has something connected with ripple coin last days.
On coinmarketcap Exmo is showing 25 million trading volume, but I don't believe that is real number and real volume.

it certainly is. with a rinky-dink exchange like exmo, i would not assume they are solvent after taking a hit like this. 5% sounds small in relative terms but just looking at the BTC, ETH, and USDT losses alone, we're talking $8 million + lost.

that represents 1/3 of exmo's daily volume. the number of BTC stolen represents 3/4 of their entire BTC/USD order book!


they claim to be covering all losses from their own pocket:


i'm skeptical though. this is definitely how fractional reserve begins on some exchanges. they get hacked for more than they can afford, then they go into damage control mode and just hope they can cover withdrawal requests.

i have similar concerns about kucoin.

It was an attempt to placate the customer from leaving the exchange, in fact it was a loss that was shared by all their customers. Fortunately, only "5%" (their admission). Given that I've never heard of this exchange, it may be a small exchange.

This is the difficulty of auditing CEX's. There is always a risk of insider activity that may not be picked up by even impartial auditors because they can cover their tracks so well. I'm not saying that EXMO is guilty of this, but simply that you can never be sure with CEX's and it can therefore be difficult to find recourse if you are a depositor.

I would actually think that 5% of total assets is a lot, especially considering that exchanges may not have all deposits in liquid BTC and invested in other assets to earn interest.

How they deal with this will be interesting. Will shareholder equity simply take a hit to cover the 5%? Or do all depositors just lose 5% of their balance held with the exchange? The paths that can be taken have drastically different legal implications.

Cant really remove those kind of suspicions when it comes to hacking incident where you would really be doubtful if its really indeed a hack or just some sort of show off and just trying to steal out peoples funds.

This is my first time on hearing out this platform and in all exchanges that do currently exist as of today then its no surprise that hacking incidents like this isnt something new.
These places are just like honey pots of hackers knowing that its been storing lots of money.

5% wont really be that big though rather than on losing 30-50% or entire total funds of said platform.It can be easily patched it up though.

This is meaningless. As a centralized exchange, the balances which are displayed on a user's account are simply numbers on a spreadsheet. Once you have deposited coins to the exchange, you account is credited with the appropriate balance and your money is swept in to their central wallets. Just like when you log in to an online bank account, there isn't actually a safe in the bank with your name on it and the exact amount of fiat inside it - it's just entries on an internal database. Their hot wallets and cold wallets could be hacked, be completely emptied, be corrupted, be lost in an explosion, etc. and your account balance wouldn't change.

The main question here is whether or not they are still holding enough cryptocurrency to cover all customers' deposited funds, and there is no way they are going to admit to being insolvent if that is the case. For their users' sake hopefully 5-6% loss is enough for them to cover and continue to operate, but if you have funds on this exchange, now would be a good time to withdraw them to your own wallet.

As usual, this backwards way of thinking crops up again. It is not other exchanges' responsibility to deal with the fallout of your poor security. More importantly, we should not be policing the blockchain nor blacklisting addresses because of your poor security. You made your bed, now you lie in it. Stop trying to censor bitcoin because of your mistakes.

Luckily none of their users were affected by this...

It is. The hacker in question managed to withdraw almost 292 BTCitcoins ^{[I didn't check other coins]}.

---

Update on the incident

I'm not one of their users but I do like the steps they're taking for dealing with this matter... Having said those, seeing how fast they're dealing with the issue made me wonder how they didn't notice sooner before allowing that hacker to make "40 successful large withdrawals in quick successions". Something doesn't seem right here ^{[perhaps it could be an inside job of some sort]}

5% is not a huge loss. Well, that may be a lot of money cause it is a bit exchange, but they can certainly recover from it
Always good to rememebr; not your keys, not your coins.

Nowadays lots of exchanges offer some interest if you give your coins to them. Dont. Remember that they can be hacked.

Never heard of this exchange til now.
And searching a bit, they are Russian-based exchange.
At least, they have seen the withdrawals at early stage so the hackers just managed to get 5% of their assets.
With this small loss, I hope they can easily give the funds to its users who lost money.
Another lesson here for crypto traders/users, never leave your funds in the exchange.

According to their blog:


https://info.exmo.com/en/notifications/exmo-security-incident-update/

We are just about to end 2020, but criminals are not resting even in this holidays and will strike no matter what. Although this exchanges is not that well known, but still the loot of $5M is too big for one exchange to lose.

Addresses of the supposedly hackers:

• BTC — 1A4PXZE5j8v7UuapYckq6fSegmY5i8uUyq
• USDT (ERC20) — 0x4BA6B2fF35055aF5406923406442cD3aB29F50Ce
• ETH — 0x4BA6B2fF35055aF5406923406442cD3aB29F50Ce
• BCH — qrfrw5q9gag2vp6jc5nlx0haplm2jlhx9vsvxd9u3e
• ZEC — t1StUQiw1YyHT515xDxwxjfhEcw2iGSq2yL
• XRP — rwU8rAiE2eyEPz3sikfbHuqCuiAtdXqa2v (tag 2033412069)
• ETC — 0x4d9EF6846126Da2867AF503448be0508542C971e