Cyber Incident Victim: C-CEX
Date:
Sep 2018
Location:
Germany
Summary
The cryptocurrency exchange C-CEX suffered a security breach where attackers exploited a vulnerability in withdrawal procedures, repeatedly executing withdrawals to drain all Dogecoin (DOGE) and Litecoin (LTC) reserves. The platform confirmed the theft, disabled withdrawals for these assets, and moved affected user balances to a "Hold" status while urging customers not to deposit to old addresses. The attackers utilized multiple accounts, with the exchange publicly sharing associated IP addresses and email details. Although DOGE and LTC pairs represented under 10% of total trading volume, the incident highlighted existing criticisms of the platform's security practices and fund management, which had previously drawn user complaints and low trust ratings. The exploit was reportedly patched following the attack.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On September 9, 2018, cryptocurrency exchange C-CEX publicly disclosed a security breach that resulted in the theft of all Dogecoin (DOGE) and Litecoin (LTC) holdings from its platform. The attackers exploited a vulnerability in the exchange's withdrawal procedures, enabling them to execute repeated unauthorized withdrawals of both cryptocurrencies until the reserves were fully depleted. C-CEX detected the breach and immediately froze all DOGE and LTC withdrawals, converting existing user balances for these assets into "Hold" status to prevent further transactions. The exchange issued warnings via Twitter and BitcoinTalk forums, instructing users not to deposit DOGE or LTC to old wallet addresses and advising them to generate new deposit addresses for future transactions. C-CEX confirmed the exploit had been patched following the incident but did not disclose technical specifics about the vulnerability beyond describing it as a procedural flaw in withdrawal processing.
The attack exclusively targeted DOGE and LTC assets, which collectively represented less than 5-10% of C-CEX's total trading volume at the time. Prior to the hack, the exchange reported approximately 26 BTC (~$160,000) in 24-hour trading volume, with minor trading pairs like Pabyosi Coin and Forkcoin dominating activity. C-CEX shared operational details about the attackers, including IP addresses and email accounts used across multiple fraudulent accounts to execute the theft, and publicly solicited information to aid investigations while expressing willingness to cooperate with law enforcement. Financial losses were estimated to be limited to a few thousand dollars due to the exchange's small market presence, though exact figures were not disclosed. The incident exacerbated existing reputational challenges for C-CEX, which had previously faced user complaints about security practices and fund management, evidenced by low ratings on Trustpilot (2.9/10) and CryptoCompare (1.9/10). No evidence indicated operational disruption to non-DOGE/LTC trading pairs or compensation plans for affected users beyond the balance freeze.