Ricky Hewitt, a user of cryptocurrencies like Bitcoin and Dogecoin, knew a lot of risks associated with using online cryptocurrency exchanges—we’re living in a post-MtGox world, after all. But still, he assumed an exchange called CoinEX.pw was a safe place to trade some bitcoins he had recently purchased in exchange for dogecoins. CoinEX was well-regarded within the Dogecoin community, had an intuitive user interface, and was significantly faster than most of its competitors.
On March 16, Hewitt had just put in an order to buy 91,000 doge when the site shut down. Like many savvy cryptocurrency users, he knew better than to leave his money in an exchange for a long period of time. But, in this case, his funds were trapped even though he only trusted his money to the site for a matter of minutes. He wasn’t the only one affected: The entire exchange had gone down, and users all over the world had no idea where their money had gone.
Hewitt told the Daily Dot he has attempted to contact the exchange’s operators, but never heard anything back. ?I think at this point, with the lack of communication—it would seem this is a theft and…[the coins are] gone,” he speculated.
On forums like Reddit’s r/Dogecoin community and on the influential Bitcointalk.org message board, some users speculated that the funds had been stolen by the site’s administrators themselves.
Posting to Bitcointalk.org, one CoinEX.pw user recounted seeing suspicious activity when he attempted to track his missing dogecoins as they were moved through the ledger containing all of the cryptocurrency’s transaction activity:
I have more bad news.
All of my Dogecoins were diverted to a big wallet today (after the website was already down). So you wold think this will be for security… . But they didn’t stay there. They were send in big lumps to other wallets. I think the coinEX admin is not working at the problem with security but is managing our money and trying to escape with them.
Most probably he is taking them to an exchange and selling them for bitcoins.
Based on that thief’s Bitocin wallet activity, it looked like he was selling of a lot more than this one person’s coins.
A few days later, the site’s operator, who goes by the handle Erundook, took to Bitcointalk.org and confirmed what many had feared: Hackers had cleaned the exchange out. Here’s his statement:
Long story short: yes, our wallet server got hacked and all funds were withdrawn.
Please read back to the beginning of this thread, we had such a problem before and *returned all the stolen funds from our own pockets*. Before this hack happened, we also had several attacks that lost funds and we silently covered those from our fees.
For those who was stalking me at internets: thats true, i was trying to hide/delete my accounts. At the very first moment i saw zero balance at our bitcoin wallet i knew this was coming. And it scared the shit out of me. Hope you can understand that. About me selling bitcoins at localbitcoins.com: thats true too. I have 33mh/s scrypt gpu mining farm, I have >50% of coinex fees + I get % from cryptostocks share sells. Nothing criminal here again.
So again, please calm down. We are not doing a runner.
The only way i can see to restore this is to sell more shares at cryptostocks to cover the losses *and to hire a professional security audit team to prevent this from happening again*.
Long story short, we’re covering this from our own pockets again.
In a post on his I Kill Nerds site, blogger Dwayne Charrington claimed that, in the days since the exchange went down, the site’s operator has deleted his Twitter and Github accounts.
Representatives from CoinEX.pw did not respond to the Daily Dot’s requests for comment. But it seems clear that Erundook’s Bitcointalk.org post was specifically tailored to address concerns that the theft had been an inside job.
Even though CoinEX.pw’s exchange has gone down, its affiliated mining pool is still up and running.
The dollar amounts involved aren’t enormous—Hewitt’s 91,000 doge comes out to about $76—and the exchange has promised to refund everyone’s money. Still, the growing inability of many cryptocurrency enthusiasts to place even a modicum of trust that a significant number of the institutions handling their money are secure may be the single largest problem currently facing virtual currencies.
Despite a general move by businesses handling virtual currencies to adopt many of the best practices employed by traditional financial institutions, most still do not have policies insuring the holdings individual depositors against theft. As a result, when an exchange or online wallet service gets hacked and sees all of its coins suddenly vanish, customers whose money was absconded with are generally out of luck, unless the exchange’s operators have enough in reserves to cover the losses out of pocket. However, in recent months, a handful of business have started looking into offering insurance for cryptocurrencies.
?I cannot speak for others, but my coins were not held on the exchange for more than a few minutes. If we can’t rely on exchanges, then it makes things very difficult,” Hewitt explained. ?I’m a programmer not a economics guy, so I’d rather not speculate [how other members of the Dogecoin community will react to the insecurity of online exchanges]…but it’s no doubt discouraging. I imagine most people have used an exchange, and if MtGox and CoinEX can both disappear in an instant then so can every other exchange.”
Photo by stevegarfield/Flickr (CC BY 2.0)
