Remember the old classic song “It’s the most wonderful time of the year”? It looks like hackers think exactly the same way. One week after Yahoo reports hacking we have another breach – this time the “happy winner” is Xaurum (XAUR). Xaurum is a digital asset using Ethereum Token System. It is ranked 35th in CoinmarketCap standings and Xaurum value is covered by gold. Xaurum was independent currency, but earlier this year migrates to ETH Blockchain and performes a split.
On 25th of December a user of bitcointalk.org with nickname kaicryptzen published:
XAUR/BTC pair just vanished from c-cex, I assume they might be having technical issues, or maybe something else … because the price was free falling right before it disappeared …
The answer came few hours later:
We have had a breach in our RICO website, the hacker has stolen customer funds that were still not witdrawn.
XAUR markets are disabled untill we can remedy the situation. We ask user to help us by stopping transactions, while our team works on a solution.
We will restore the legitimate balance, hopefully soon. We’ll keep you updated on the developments.
We apologise for the inconvenience and assure you, that we will solve the problem
Today XAUR team returns the favour to the hacker. I was surprised when I saw who is this guy. Anyway “Die Hard” is amazing movie. So this guy has a style.
Christmas Xaurum Hack Report
Order is restored. The hack was unhacked.Results of our hack analysis can be found here: https://docs.google.com/spreadsheets/d/1GuSK4DwahHVxJVuZBwno2tnwJ-X6YIDxHCF3Fp7A998/edit?usp=sharing
Nearly all of the stolen funds have been retreived and the funds on exchanges (Bittrex and C-CEX) are frozen.
Some of the funds were dumped before our actions, and the users will be compensated.
– 18.58 M XAUR stolen (approximate value 1.4 M $).
– The attacker sent 17.58 M XAUR to his addresses at 2:28 CET
0x0eb8fb894a58e67a238d8065e6f8d70690f5a290 999999.5 XAUR
0x3dba2e569559a5f1cc5a21f3106ec46f3640e301 8597998.5 XAUR
0x78134661e27962d6f84e5e2dcdd356acb462b0d1 7499999.5 XAUR
0xa6c20f2f035b402bd2700901e23970df3ce607b7 499999.5 XAUR
verify on https://etherscan.io/token/xaurum
– 499,999.50 XAUR sent to Bittrex at 03:49 CET
– 499,999.50 XAUR sent to C-CEX at 09:56 CET
– Markets closed at 10.30 CET
– The blockchain was stopped at 10.40 CET https://etherscan.io/tx/0x63ed1f857d1293115f0c4cae3fea401341052e77601e027d480c4d834d879488
– Finding a solution 11:00 – 14:00 CET
– Theft analysis 15:00 – 16:00 CET
– Solution testing 14:00 – 17:00 CET
– Waiting on opportune moment 17:00 – 00:30 CET
– 17.58 M XAUR was retreived by Xaurum Team at 00:37 CET
The remainder of the stolen funds are frozen on the attacker’s account on exchanges.
We have contacted the authorities and will provide them with our gathered data.
Markets will reopen as soon as we can arrange that the funds on C-CEX will remain frozen.
The balances on the chain have been restored to their legitimate order and users will be able to transact as soon as the markets start.
The attacker tried to extort us on email with the email firstname.lastname@example.org and via pm on bitcointalk as the user MarkedlySuperior.
We’d like to thank Bittrex, C-CEX, Livecoin on their amazing support on a holiday.
2016th was dynamic and interesting year. We had loads of hacking activities – DAO, Bitfinex, Augur and now XAUR.