Two Security Compromises in the Blockchain Ecosystem
It’s time to talk about another few crypto scams that have occurred or been unearthed in the last week or so.
Coinroom, a Polish cryptocurrency exchange, has apparently shut down and disappeared with their customers’ money. They basically stopped operating overnight and vanished off the face of the Earth. Registered in 2016, the company is now being revealed to have some fairly sketchy practices in place.
First, their regulations stipulate that customers only have one day to withdraw their funds. Most customers sign these things without even looking at what they say, and that is a very strange regulation to have. Coinroom seems to have sent an email blast to customers announcing the termination of their contracts and giving them the one day to withdraw funds, but even the customers who did act in time allegedly received part or none of their money.
A Coinroom customer went to the company’s headquarters 2 days after receiving the email, and “the lady at the reception did not want to let me in, she claimed that nobody was in the office. Instead, she called someone from the company. I was asked to leave my details. Nobody contacted me.”
What This Says About Exchanges
This is where it actually makes sense to look at the backers and countries supported for cryptocurrency exchanges. When people put their reputations on the line to work with a company, you can trust that there is going to be a higher quality of care in that case. Frankly, this is one of the reasons that Coinbase has been successful. They are viewed as the most trustworthy.
A lot of exchanges are fly-by-night operations that have just popped up and are depending on low fees and looser privacy disclosures to attract new customers. This is fine, but comes with risks that customers should be aware of. Even if a company doesn’t have well-known backers, it helps to look at what countries it operates in. Having U.S. operations makes it far more likely that they are meeting some regulatory guidelines.
Wallet Service Compromised
Another security hiccup has occurred in a hack of GateHub, a cryptocurrency wallet service. On June 6th, they announced that 100 Ripple Ledger wallets were compromised, likely using an application programming interface (API) to gain access to the encrypted keys.
The total “take” from the heist amounts to $9.5 million, a large portion of which has already been laundered through mixer services. Funds are often laundered out through cryptocurrency exchanges, with mixing services, merchant service providers, and peer-to-peer networks also being a big part of the exit plan for hackers.
GateHub has not posted any official or final conclusions, but with 23,200,000 XRP missing, this does not reflect well on their security. Hackers were able to identify a security flaw in their system, scale it out over more addresses, and co-opt a large amount of funds before anyone was the wiser.
This is once again representative of the problems in the industry that result from low barriers to entry and minimal regulation. Although those are often seen as a good thing – “democratization” – it can also be bad for consumers who don’t know enough about how to manage their funds. Cryptocurrency wallet services are not something to trifle with and users should all be aware of the risks.