Cyber Incident Victim: CoinPouch

On November 9, 2017, a CoinPouch wallet user reported unauthorized theft of funds, prompting CoinPouch to initiate an investigation in collaboration with Justin, the Verge project lead. Initial assessments concluded the incident "did not look like a hack," though Verge recommended security modifications to CoinPouch's Verge node infrastructure. Despite implementing these changes, CoinPouch subsequently received additional user reports of malfunctioning Verge wallets within its platform. The breach was later confirmed by both parties, with hackers stealing 126 million Verge coins valued at over $655,000 (£490,000). Verge traced the stolen funds to a specific wallet address where they remained inactive, though the reason for the hackers' inactivity was unspecified. CoinPouch attributed the breach to vulnerabilities in Verge's node system, while Verge countered that CoinPouch's application lacked proper security measures. Neither party conclusively determined the attack vector during initial investigations.

CoinPouch publicly disclosed the incident via Twitter, notifying users of law enforcement engagement and forensic analysis delays due to the U.S. Thanksgiving holiday impacting investigators and legal teams. Independent auditors were enlisted to examine the breach, with CoinPouch emphasizing that affected users had assumed risk by entrusting private keys to a third-party wallet. The company acknowledged the hack originated from inadequate security protocols on their operational side, contradicting their earlier allegations against Verge. This marked the second major cryptocurrency wallet compromise reported in November 2017, following the Tether exchange breach. No fund recovery or further technical explanations were provided in available updates, leaving the final disposition of the stolen assets unresolved.