Cyber Incident Victim: MapleChange
Date:
Oct 2018
Location:
Canada
Summary
A cryptocurrency exchange reportedly lost 913 Bitcoin ($6 million) due to a claimed hack involving a system bug, leading to unauthorized withdrawals of user funds. The platform abruptly announced its closure and inability to issue refunds, subsequently deleting its social media presence and website. Industry analysts and prominent figures expressed skepticism, alleging the incident was an exit scam rather than a legitimate security breach. Investigations by third parties revealed falsified domain registration details and alleged connections between the exchange’s operators and other cryptocurrency projects, though no definitive evidence of collusion was established. The event prompted widespread criticism of smaller exchanges’ security practices and fund management.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On October 28, 2018, the cryptocurrency exchange MapleChange announced via Twitter that it had suffered a security breach resulting in the loss of 913 Bitcoin (approximately $6 million at the time). The exchange attributed the incident to an unspecified bug that allowed unidentified individuals to withdraw user funds. MapleChange stated it was conducting a "thorough investigation" but simultaneously declared it would be unable to reimburse affected customers. Within hours of the initial announcement, the exchange further disclosed it would cease operations entirely, including shutting down its website and deleting all social media accounts. This abrupt closure, coupled with the refusal to refund losses, immediately raised suspicions within the cryptocurrency community. The exchange's domain registration information was later revealed to contain falsified details, compounding skepticism about the legitimacy of its operations prior to the incident.
Prominent industry figures publicly questioned MapleChange's narrative. Crypto analyst Joseph Young characterized the event as a likely exit scam, criticizing small exchanges for prioritizing profits over customer protection. Australian trader BitLord echoed these concerns in an extended social media commentary, emphasizing the risks of trusting smaller platforms. Binance CEO Changpeng Zhao advised users to avoid exchanges lacking cold wallet storage, implying MapleChange's security practices were inadequate. In response to the incident, an anonymous individual created the "Maplechang’ed" Twitter account to investigate potential fraud. This effort uncovered connections between MapleChange's operators and other entities including the ETZmine mining pool and Weycoin (WAE) cryptocurrency project, though the exact nature of these relationships remained unclear. The disappearance of all exchange representatives and platforms following the announcement left approximately $6 million in customer funds unrecovered, with no evidence of law enforcement involvement or official investigations disclosed in available reports.