CoinBene Exchange Allegedly Loses Over $100 Million in Suspected Hack

Summary

CoinBene, a Singapore-based cryptocurrency exchange, reportedly suffered a security breach on March 25, 2019, resulting in the loss of over $105 million worth of various tokens and coins. The exchange denied being hacked and claimed it was undergoing maintenance. CoinBene has not provided any official statement regarding the incident.

Attackers

The identity of the attacker remains unknown. The following addresses were involved in the hack:

Losses

CoinBene lost $105,150,329 worth of various assets. Breakdown of top 5 stolen assets by value:

$70,738,770 worth of Maximine Coin
$14,252,973 worth of CoinBene Coin
$4,744,863 worth of Guaranteed Ethurance Token
$2,693,476 worth of Huobi Pool Token
$2,575,313 worth of Ethereum

Timeline

March 20, 2019: Bitwise’s presentation to the SEC mentioned suspicions of wash trading on CoinBene.
March 25, 2019, 06:58 PM UTC: The first malicious transaction was executed with 16,730 ETH being transferred.
March 26, 2019, 00:05 AM UTC: A hacker started selling Maximine Coins on EtherDelta.
March 26, 2019, 06:20 AM UTC: CoinBene announced that the platform was undergoing maintenance due to upgrading the platform wallet. The tweet was deleted later.
March 26, 2019, 01:29 PM UTC: Crypto expert Nick Schteringard said on Twitter that the exchange’s users reported their wallets being hacked and provided the attacker’s address.
March 27, 2019: Data scientists at Elementus issued a report suggesting that the fund transfers out of CoinBene’s hot wallet reached approximately $105 million.
April 9, 2019: PeckShield, a blockchain security company, published a report stating that the stolen funds were transferred to centralized exchanges, including Binance, Bittrex, Huobi, and OKEx.

Security Failure Causes

Compromised Wallet: The exact cause of the security breach remains unclear, but it is suspected that the hot wallet was compromised, allowing the attacker to transfer funds to his own wallets.