In hand-to-hand fist fights, it is not like gentlemen to kick their opponents while they are already down. However, in the emerging cryptocurrency market, which has been bashed by violent sell-offs in the past nine months, malicious actors still seem poised to attack, hack, and steal from industry targets.
On Sunday, Trade.io, a lesser-known Switerzerland-based cryptocurrency platform, divulged that its security team was alerted to a suspicious transaction involving an exchange-owned wallet. The wallet in question, which was reportedly kept under lock and key in cold storage, held TIO tokens, Trade.io’s native digital asset.
Upon further investigation, the Swiss startup’s quickly realized that something was amok, as TIO trading pairs on Bancor and Kucoin, two prominent crypto asset platforms, were acting up, to put it lightly. Alerted by the presence of this potentially dubious trade activity, the Trade.io security squad decided to alert the aforementioned exchanges to pause TIO deposits and withdrawals. As TIO transfers ground down to a halt on Kucoin, Bancor, and Trade.io, the exchange’s cybersecurity experts found that 50 million TIO, worth ~$7.8 million U.S. dollars, had been accessed by an authorized user.
Out of the 50 million tokens, which were originally allocated for Trade.io’s Liquidity Pool, 2.6 million were sent to Bancor and Kucoin, likely resulting in the “irregular trading activity” that the exchange mentioned earlier. It can be assumed that the 2.6 million TIO tokens, valued at $380,000 at the time of press, were sold en-masse as the hackers attempted to cash in on their ill-gotten gains.
To address this security breach, TIO trading has been halted on Trade.io until further notice, the altcoin has been delisted by Bancor, and Kucoin has paused deposits and withdrawals until a post-mortem on this unfortunate occurrence is compiled and can be released to the public.
Although hacks like this are commonplace, with Bithumb, CoinCheck, and Zaif (most recently) all suffering substantial crypto asset losses to attackers, many pointed out that the hack of a cold storage wallet is nearly unprecedented.
According to Trade.io, it was following proper cold storage protocol to a “T”, reportedly placing its hardware wallets in bank-secured safety deposit boxes, “along with all corresponding materials.” Due to the latter part of that statement, some believed that this hack could only be chalked up to an inside job. But, the exchange had apparently confirmed that the security deposit boxes were not compromised in any way, leaving the case an open-ended mystery.
So for now, Trade.io has sought to render the stolen TIO useless, with an announcement indicating that the exchange’s top brass, which includes CEO Jim Preissler, have decided to fork the original altcoin into TIOx, hopefully mitigating the impact that the hack will have on the startup’s ecosystem.
Ironically enough, the startup’s advertised slogan is:
“A revolutionary crypto exchange and modern financial services firm focused on blockchain technology, providing the ultimate in security and transparency.”
And evidently, with this most recent hack, the “security” part of Trade.io’s call-to-arms should maybe be called into question, as again, the breach of a cold storage solution may be a worrying sign. Surprisingly, at the time of writing, TIO is only down 0.5% in the past 24 hours, potentially indicating that the news of this $7.8 million hack flew under the radar of most crypto investors.
Rumors have flown around that North Korea-based Lazarus, a now-notorious hacker group within the crypto community, was responsible for the attack, as the group is reportedly responsible for upwards of four attacks on popular cryptocurrency exchanges in the past two years.