Cyber Incident Victim: Livecoin
Date:
Dec 2020
Location:
Russia
Summary
A Russian cryptocurrency exchange suffered a major security breach when attackers seized control of its infrastructure, including backend servers and communication channels, enabling them to manipulate digital asset exchange rates to artificially inflated levels—such as Bitcoin rising from $23,000 to over $450,000—before illicitly withdrawing funds. The compromise forced the platform to urge users against transactions via APIs and mobile apps while partially restoring frontend access to announce the incident, which they described as meticulously planned over preceding months. Despite suspicions among some users of insider involvement, the exchange reported the breach to law enforcement; operating since 2014, it ranked 173rd globally with approximately $16 million in daily trading volume prior to the attack.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 2 techniques |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On December 23-24, 2020, hackers compromised the Russian cryptocurrency exchange Livecoin by seizing control of its entire infrastructure, including servers, backend systems, and nodes. The attackers manipulated exchange rates to artificially inflated values—escalating Bitcoin from $23,000 to over $450,000, Ether from $600 to $15,000, and Ripple from $0.27 to over $17 per unit. These manipulated rates, representing increases of 10-15 times typical values, enabled the threat actors to systematically cash out user accounts at grossly exaggerated valuations, generating substantial illicit profits. Livecoin administrators detected the breach but could not immediately intervene due to complete loss of system control, including compromised communication channels. By late December 24, the company partially regained frontend access, allowing it to post a website announcement confirming the breach while other interfaces like APIs and mobile apps remained vulnerable. Livecoin described the incident as a meticulously planned attack developed over several months, emphasizing that attackers maintained prolonged access to critical systems prior to executing the exchange rate manipulation phase.
The attack disrupted all trading operations, forcing Livecoin to urgently advise users against deposits or transactions through any platform interface until further notice. User backlash emerged on social media, with allegations that the breach constituted an inside job rather than an external attack. The exchange reported the incident to local law enforcement agencies but did not disclose specific financial losses or the number of affected accounts. Operational data from CoinMarketCap indicated Livecoin handled approximately $16 million in daily transactions prior to the incident, ranking it as the 173rd-largest cryptocurrency exchange globally at the time. Founded in 2014, the platform faced significant reputational and operational challenges following the breach, with no public confirmation of full system recovery or compensation mechanisms for users impacted by the fraudulent withdrawals executed during the rate manipulation window.