Unfortunately, hacks have been pretty common with cryptocurrency exchanges across the globe. But what Trade.io, a lesser-known Switzerland-based cryptocurrency platform, suffered was a rare attack as it affected the exchanges cold wallet.
Was it a security breach or was it an inside job? The mystery continuous
According to the post released on the exchanges Medium blog, the exchange’s security team was alerted to a suspicious transaction involving an exchange-owned wallet. The wallet in question, which was reportedly kept under lock and key in cold storage, held TIO tokens, Trade.io’s native digital asset.
Upon initial investigation, The Swiss Exchange quickly realized some irregular trading activity TIO trading pairs on Bancor and Kucoin, two prominent crypto asset platforms, alerted both Bancor & Kucoin accordingly to disable any deposits & withdrawals, and did the same on trade.io. As TIO transfers ground down to a halt on Kucoin, Bancor, and Trade.io, the exchange’s cybersecurity experts found that 50 million TIO, worth ~$7.8 million U.S. dollars, had been accessed by an authorized user.
To address this security breach, TIO trading was halted on Trade.io until further notice, the altcoin has been delisted by Bancor, and Kucoin has paused deposits and withdrawals until a post-mortem on this unfortunate occurrence is compiled and can be released to the public.
Although various hacks previously have affected exchanges like Bithumb, CoinCheck, and Zaif (most recently), many pointed out that the hack of a cold storage wallet was something unprecedented.
According to Trade.io, it was following proper cold storage protocol to a “T”, reportedly placing its hardware wallets in bank-secured safety deposit boxes, “along with all corresponding materials.” Due to the latter part of that statement, some believed that this hack could only be chalked up to an inside job. But, the exchange had apparently confirmed that the security deposit boxes were not compromised in any way, leaving the case an open-ended mystery.
As future steps, Trade.io has sought to render the stolen TIO useless, with an announcement indicating that the exchange’s top brass, which includes CEO Jim Preissler, have decided to fork the original altcoin into TIOx, hopefully mitigating the impact that the hack will have on the exchange’s ecosystem.
Quoting Preissler from the post,
“To this end, we are currently considering various options with one being a fork, with the objective of making the 50M that were taken from us worthless, but protecting the value of TIO for everyone else, as the 50M are traceable. We will advise on our decision in the next 24 hours following a meeting by our board. Lastly, please be assured, that those participating in the Liquidity Pool, distributions will be completely uninterrupted, and ability to enter and leave the Liquidity Pool will continue as normal.”
Whether this is an inside job or an external security breach, an attack on cold wallet definitely shows that the hackers to are maturing. One will have to update their security standards to take care of these cold wallet attacks as well
Are Cold wallets no more safe enough as they were considered to be? Do let us know your views on the same.
Nilesh Maurya has been associated for past 8 years as an Investment Banker with Omega Capital, a bespoke Investment Banking outfit having offices in Mumbai, New York, Singapore, and Dubai. He has been a regular contributor to business publications such as Business India and Market Express and has been a mentor to many start-up companies. Nilesh Maurya has been associated for past 8 years as an Investment Banker with Omega Capital, a bespoke Investment Banking outfit having offices in Mumbai, New York, Singapore, and Dubai. He has been a regular contributor to business publications such as Business India and Market Express and has been a mentor to many start-up companies. Follow him on Twitter at @KoinKing1 or connect with me on linkedin.