Swiss blockchain company Trade.io has been hacked. The business reported nearly $8 million in cryptocurrency funds stolen from a cold storage wallet located in a safety deposit box at a local bank.
Cryptocurrency hacks are nothing new. We’ve been witnessing events like these since 2014 when Mt. Gox, then the biggest bitcoin and digital currency exchange in the world, lost nearly half-a-million in BTC overnight. The scruples of the company’s then CEO Mark Karpeles have been called into question ever since. Karpeles later served time in a Japanese jail, and the company has since begun issuing refunds to all victims affected by the data breach.
Mt. Gox held the position of largest digital currency hack for nearly four years until January 2018 when Japanese cryptocurrency exchange Coincheck lost over $500 in assorted digital funds. The company had been utilizing what’s known as hot wallet storage, which is known for its lack of security, and Japan’s Financial Services Agency (FSA) saw the need to get involved. It began issuing warnings to several crypto exchanges and told them that if they didn’t beef up their security, they would be shut down.
What Makes This Unique?
The key words to take from this situation are “cold storage,” which is what Trade.io claims to have been utilizing. Cold storage usually involves storing items – in this case, digital assets – offline, meaning that they are harder to control or steal, so it’s unusual to see the funds disappear as they have.
The company reports to have lost 50 million Trade Tokens (TIO), its own cryptocurrency. Said to be worth approximately $7.5 million, the coins were stolen at 14:40 GMT on Sunday. The assets were transferred to two separate exchanges – Kucoin and Bancor – before Trade.io realized what was happening and put in the request to have the transactions frozen.
Taking Control of the Situation
At press time, TIO trading is suspended on both Kucoin and Trade.io itself, while the token has been taken off Bancor permanently. The money stolen was intended for Trade.io’s liquidity pool, and executives have since commented that they are considering a fork to save the funds.
“While the investigation is ongoing, based on Etherscan records, we can confirm that the 50 million TIO allocated for the liquidity pool being held in cold storage has been withdrawn, and an estimated 1.3 million of that has been transferred to both Bancor and Kucoin respectively… It’s obvious that Trade.io is now a major focal point of competitors and those attempting to destroy the movement that is on the ground floor, and we guarantee we will not bow down to their actions.”
How Does A Cold Storage Hack Occur?
Trade.io also made the following announcement:
“While this is an extremely strange situation, unfortunately breaches of cold storage are not unprecedented even when following security protocols to a ‘T.’ We use industry recommended cold storage, which is maintained in safety deposit boxes in banks along with all corresponding materials. We have confirmed that the safety deposit boxes were not compromised.”
This means that whoever’s responsible for the hack didn’t have access to the bank-based storage, but somehow was able to garner the wallet address necessary for the transfers. Typically, cold storage hacks are the products of “inside jobs,” though it’s unclear just how many hackers were involved and how they managed to gain control of the wallet.
As strange and unique as this story is, it’s not out of the ordinary. A recently cold wallet hack occurred through a “man-in-the-middle” attack when a cryptocurrency hodler had approximately $34,000 in crypto funds stolen from his Ledger hardware wallet after a reseller loaded a seed phase into the device, thereby allowing them to empty the device remotely.