Bitcoin Forum

I'm generally not one to jump on the FUD bandwagon, but after looking into my account I can confirm that my ~250k Dogecoins on the site were systematically transferred to other wallets without my approval or initiation.

This would constitute either a breach of security or a deliberate action by the admins.  Regardless, the coins are stolen.

The timestamp for the first deduction from my wallet was "2014-03-17 15:39:36", afterwards 5k transfers were made continuously emptying the account within an hour.

Here's the proof right off dogechain.info

https://i.imgur.com/vLJgJNO.png

Fun stuff! :)

Sorry to hear that man. Thieves suck.

Bleh. I just started with cryptos like 2 months ago, and am a small guppy-sized trader. Mostly doing giveaways, free cloudmining and such. Things like this make me feel like just forgetting cryptos.

I was planning on moving what I had in Coinex out the other day, but got busy ... then the next day Coinex vanished. I didn't have much there compared to what other people have, but still, it was a decent amount to me ... some bitcoin, around 40K noble, 12K doge and some other coins. It probably seems a paltry amount to most here, and looking at it from a monetary standpoint it wasn't much really ... but it mattered to me.

Oh well. I know everyone thinks govt. regulation and such are the main enemies of cryptos. It really isn't. It's all of these shady exchanges. Enough go down, and people will just walk away and lose all confidence in the coins.

Such contradiction.

Are you saying that the exchange which was repeatedly hacked earlier to the tune of 60-80 BTCs (which to its credit, was paid out by the owners) lost some of your money? Colour me surprised ::)

In anycase, there is also a chance that the account may have been compromised on your end.

Use #bitcoin-otc. I've gotten screwed:

- On exchanges: 2/2 times
- By random people in the channel with positive feedback: 0/~15 times

For me it's sad because I work a day job and I'm a college student, I try to invest just $30 or $40 per check into cryptos and when it gets stolen like this it's like 'why bother'? I only had about $50 worth of crypto on coinex, but literally hours before it went down 'for maintenance' I deposited .06BTC I had bought off of coinmx for cash. I know people lost a lot more on this, but it sucks. Usually I was making trades and withdrawing shortly after, in this case I never got the chance.

It's interesting that Coinex's switch pool is still giving out work and my miner is still hashing.
I can also see that my bitcoins are still at my Coinex address.
I have a ton of other coins just pooling up from the switch pool.  I'm unable to check the availability of those coins though.

I opened an issue with Coinex earlier this year to complain about no option to turn the chat off.  Rendering arbitrary input from unknown 3rd parties in your browser is very unsafe.  Their response to me was to "click the header and it will hide."  Of course that wouldn't solve the issue, so I just stopped hanging out on Coinex's site to minimize the attack surface.  It sounds like this was the exact vulnerability used.

If you keep all your coins at an exchange or any other online service you deserve to be hacked.

If you keep all of your coins, or tons of bitcoin, on an exchange I agree. But otherwise I find comments like this silly. How are you supposed to trade, buy or sell coins without keeping some of them on an exchange? There isn't enough time to buy coins or sell them at good prices, if they are all stored in wallets. By the time it gets to the exchange, it's usually too late.

Glad I took out all of my coins a week ago except for ~3k Dogecoins and about 50 IFC. ::)

Clearly you didn't read my comment. I don't leave anything on exchanges, unless it's there to be traded. I don't think very many, if any, people leave their coins on an exchange to be held.

Even if someone does, they don't deserve to be hacked. Paypal is a billion dollar company, do all of the people who leave money on Paypal deserve to be hacked? How much of the US dollar is now a 'digital dollar'? Does all of that deserve to be stolen too? How about E-Trade? I have lots of money there. Your comment is short sighted and naive.

Feeling bad for you. How was the hack done? Weak password on the exchange or weak password of email account?

neither...

there was a vague twitter post when the site was put into maintenance mode.  Stating:

"Security issue, investigating" - March 16th @ 1:57pm

The site's been down since right before that...

on March 17th "2014-03-17 15:39:36" (site down still) the outbound transfers happened.  So, no access to the outside world unless hacked or stolen by admin.

couple days prior to hack i wasnt able to withdraw doge. goodbye 60k doge.

Perfect, I will remain hopeful until it confirmed or until the pools go down. where was that chat hosted from? I know it wasnt just on coinex

How are you sure those coins were from your account? AFAIK, a lot of exchange sites use shared wallets to cut back on transaction fees. User's balances on exchange sites are not in individual wallets, but are values in the site's database. So unless the site's uses individual wallets for each user's balance, there is no way of finding withdrawals for a specific account on an exchange site from the blockchain.

I am not saying that this is or is not true that they were hacked or funds are gone.  However, it is pretty common for exchanges to move funds from your wallet deposit address to offline wallets.  They do this on purpose to prevent losing coins if they get hacked.  Cryptsy does it, Coinbase does it, BTER does it, they all do it.

Again, I am not saying that they for sure weren't hacked, just be aware that there is potentially still hope that all is not lost.  I agree it doesn't look good since they have been down for 2+ days?  But just because your coins were moved to other wallets doesn't necessarily tell the whole story.

Someone please correct me if you think I am wrong on this.

And also, I hope for your sake you turn out to be wrong.  I wish you the best of luck recovering your coins...

From https://twitter.com/CoinexPW

-> https://bitcointalk.org/index.php?topic=265277.msg5769484#msg5769484

Please stop posting FUD about CoinEx, we will issue an announcement within next 24hrs about how we are going to handle the situation.

Long story short: yes, our wallet server got hacked and all funds were withdrawn.

Please read back to the beginning of this thread, we had such a problem before and *returned all the stolen funds from our own pockets*. Before this hack happened, we also had several attacks that lost funds and we silently covered those from our fees.

For those who was stalking me at internets: thats true, i was trying to hide/delete my accounts. At the very first moment i saw zero balance at our bitcoin wallet i knew this was coming. And it scared the shit out of me. Hope you can understand that.
About me selling bitcoins at localbitcoins.com: thats true too. I have 33mh/s scrypt gpu mining farm, I have >50% of coinex fees + I get % from cryptostocks share sells. Nothing criminal here again.

So again, please calm down. We are not doing a runner.

The only way i can see to restore this is to sell more shares at cryptostocks to cover the losses *and to hire a professional security audit team to prevent this from happening again*.
Long story short, we're covering this from our own pockets again.

Thanks
- erundook


So much Wow, so little time.

I appreciate the update, but my multiple requests were ignored previously.  Also, I apologize if I'm the culprit here on posting what I knew and my conclusions.  You are the only one that can protect from FUD in the future and that's through clearly communicating ALL issues promptly, not waiting around and keeping us in the dark.

I love Coinex.PW and am thankful it'll still be around.  I'm concerned for the security of it and the lack of information about its current state.  I do wish you all the best and thank you for your time and efforts.  Just please remember, in the 21st century a 24hr wait time for information is completely unacceptable from a customer service standpoint.

Generally true.
If Coinex just had a major theft they needed time to investigate before putting a priority on customer service.

How can we attract more honest people/businesses to BTC?