Cyber Incident Victim: Give Me Coins

On January 23, 2014, the Give Me Coins Litecoin mining pool (give-me-coins.com) suffered a security breach resulting in the theft of 10,000 Litecoins, valued at approximately €230,000 (€166,000) at the time. Administrators detected unauthorized withdrawals from specific pool accounts and immediately suspended all payment processing to contain the incident. The service publicly announced the breach via its official forum, confirming the compromise of user funds held in the platform's wallets. These wallets temporarily stored user coins until transfer requests were made to external personal wallets. Initial investigation indicated attackers exploited an SQL Injection vulnerability to gain unauthorized access to the system. The pool's operators initiated an internal review and engaged external cybersecurity experts from Trustwave’s SpiderLabs to conduct forensic analysis.

Trustwave’s investigation confirmed the theft through blockchain transaction tracing, identifying multiple transfers from Give Me Coins wallets to addresses controlled by the attackers. The forensic team credited the pool administrators’ rapid suspension of transactions with preventing the theft of an additional 20,000 Litecoins, significantly limiting the financial impact. Give Me Coins formally committed to reimbursing all affected users for their losses, though the reimbursement mechanism and timeline were not detailed in the announcement. The incident disrupted normal pool operations, halting payouts during the investigation. No evidence suggested user wallets external to the platform were compromised. The breach highlighted risks associated with centralized storage of cryptocurrency assets in mining pool operations.