Cyber Incident Victim: Cryptoine
Date:
Mar 2015
Location:
United States of America
Summary
A Bitcoin exchange experienced a security incident when an attacker exploited a race condition bug in its trading engine, enabling unauthorized balance manipulation and the draining of hot wallets holding multiple cryptocurrencies over a seven-hour period. The exchange clarified that no system breach, private key compromise, or personal data leakage occurred, attributing losses solely to the exploited software flaw. While stolen funds including Bitcoin, Litecoin, and Dogecoin were deemed irrecoverable, the platform committed to redistributing remaining assets based on its 60% hot wallet and 40% cold wallet reserve ratio. Following immediate closure, the organization announced a temporary hiatus with intentions to resume operations after implementing security improvements.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 2 techniques |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On March 26, 2015, Bitcoin exchange Cryptoine announced a security incident resulting in the theft of cryptocurrency from its hot wallets. The attack occurred over approximately seven hours, during which an unidentified hacker exploited a race condition bug in Cryptoine’s trading engine. This programming flaw allowed the attacker to manipulate transaction order processing, enabling unauthorized balance adjustments and withdrawals without requiring a system breach or code execution. Cryptoine detected the intrusion and posted a public update at 8:36am UTC on March 25, though its website subsequently became non-operational. The exchange confirmed no personal data leaks, private key compromises, or external code execution occurred during the incident. Affected cryptocurrencies included Bitcoin, Litecoin, Urocoin, Dogecoin, Bitcoinscrypt, Magi, and Darkcoin stored in hot wallets, though the total value stolen was not disclosed.
Cryptoine responded by locating and fixing the bug but declared all losses irreversible. The exchange ceased operations immediately, announcing a temporary closure lasting several months while pledging to return remaining funds from its cold wallets, which constituted 40% of total reserves. Users were informed they would receive proportionally reduced amounts of their stolen assets. Cryptoine emphasized plans to relaunch with enhanced experience and security measures, though no timeline or technical specifics were provided. The incident followed AllCrypt’s closure less than a month prior, underscoring systemic vulnerabilities in cryptocurrency exchanges at the time. Final breach details were promised but remained unpublished at the time of the report.