The altcoin exchange Excoin has announced that it will soon shut down after alleging that an attacker was able to withdraw all the bitcoins from the exchange.
With a trading engine written in Go, Excoin launched what was predominantly a Blackcoin exchange back in November of 2014. Excoin also featured a proof of reserve page which reassured members that their funds were securely stored and accounted for.
As a result of the alleged theft, Lead Developer Samantha Chen posted the following announcement:
February 6th and 10th, the user 'Ambiorx' was able to gain access to all the Bitcoins on the Exco.in exchange. As a result we no longer have the means necessary to continue operation and are deeply saddened to announce we will be shutting down operations this month. The trading engine has been disabled and Exco.in user accounts will remain active, with the exception of Ambiorx's account and those who may be affiliated.
Users are now able to withdraw their remaining funds from Exco.in with new deposits having been disabled. If you have any issues withdrawing, please contact support we will assist you as soon as possible.
Exco.in will be liquidating its assets and holdings and converting it to BTC to make it available to our members.
We are sincerely sorry that things have come to this. Our goal was to provide a service for a community we sincerely cared about and wished to support.
We will do everything we can to make sure every member is reimbursed properly.
We would greatly appreciate any assistance in locating 'Ambiorx' and we will be available for support until operations cease.
Upon initial investigation it appears that during the DDOS two separate trades spiraled out of control either due to a bug or an exploit and transferred a very large number of small Bitcoin transactions to Ambiorx's account.
Ambiorx did not notify us and we had not realized due to their account not reporting any suspicious activity. The transfers in question were missing the trade ids, so they did not raise alerts in our system and were unable to correctly associate with the trade. Which resulted in the trade attempting to re-initiate the transfers endlessly. We had investigated the trades during this period and noticed two trades with issues caching trade data but it appeared minor at the time and they had the correct number of associated transfers. We fixed the caching issues with the trades and moved forward.
Ambiorx used the fraudulently obtained Bitcoins to purchase as much of the NBT and NSR on the site that they could buy and transferred it to off site addresses (included at the end of this message). The bugged/exploit trade continued to fill his account with new Bitcoins as he continued to spend them. From February 6th to the 11th, the remainder of the NBT, BTC and much of the NSR was drained from the site to the addresses listed below.
We noticed the hot wallets dwindling but assuming it was members moving their funds off site during the DDOS, we loaded all the cold balances onto the site so that users would not have withdrawals interrupted during our periods of up time.This fatal mistake allowed Ambiorx to continue to drain the site.
We are still investigating the exact cause of the bug or exploit and if anything else happened on the servers we have yet to notice. Excoin is still under DDOS attack which makes it very difficult to investigate the causes of these issues. We will provide more information about the attack as we learn more.
Samantha Chen (YT)
Exco.in Lead Developer
Email me at email@example.com for any clarification or questions
I will make myself available on IRC on freenode for questions.
I will be resigning from Blackwave Labs and looking for regular full time employment to help pay back the lost funds. I will also ask drunkonsound to help cover my loses with Blackwave Labs holdings as well.
Information We Have Collected On 'ambiorx'
Suspected IRC Aliases:
Information We Collected From the DDOS
Identified DDOS IP Addresses:
Email messages, logs and information from our database with personal information removed can be provided to those interested in assisting the investigation.
If you are interested in assisting please contact me at firstname.lastname@example.org for more additional details and questions.