[2018-10-29] Minor Crypto Exchange Pulls Off Exit Scam, Steals All User Funds

[cybersofts]

A small Canada-based crypto exchange called MapleChange has pulled off an exit scam, disappearing with user funds.

The exchange has deleted its website, Twitter account, and other social media handles along with the identity of its executives and chief executive officer.

The disappearance of MapleChange with user funds has led experts in the sector to encourage crypto investors to prevent the utilization of minor exchanges with no reputation and cold wallets that accurately represent their holdings.


Suffered a “Hack” But Can’t Refund Users, CEO Hunted Down

On Oct. 29, MapleChange claimed that it suffered a security breach that led to the loss of user funds. However, the exchange did not mention the involvement of law enforcement or any technical intricacy of the supposed hack.

Suspicious about the incident, users started to demand more information and almost immediately after the “hack,” the exchange decided to shut every channel of communication down.

The MapleChange team said:

    “Due to a bug, some people have managed to withdraw all the funds from our exchange. We are in the process of a thorough investigation for this. We are extremely sorry that it has to come to end like this. Until the investigation is over, we cannot refund anything.”

Absurdly, the exchange said that due to the hack, the exchange is not able to pay any user back and closed down all of its social media accounts.

    “We have sustained a hack, and we are investigating the issue. Because we have no more funds to pay anyone back, the exchange has to close down unfortunately. This includes all of our social media.”

As seen in previous security breaches of major exchanges like Bithumb in South Korea and Coincheck in Japan, in an event of a hack, exchanges cooperate with local financial authorities and government-backed intelligence agencies to investigate the hack and potentially recover the funds lost in the hack.

    A small crypto exchange pulled off an exit scam, taking all customer funds.

    There is no incentive for using small exchanges. Use established exchanges that are regulated, & transparent.

    Small exchanges also focus on maximizing profitability, not security or investor protection pic.twitter.com/iKEO8rDv5z

    — Joseph Young (@iamjosephyoung) October 28, 2018

MapleChange showed no intent of recovering user funds or compensating its customers, instead of shutting down the platform and social media accounts related to the business.

Investors affected by the fraudulent operation formed a group called “Maplechang’ed,” to disclose the identities of executive behind the exchange and locate the team responsible for the exit scam.

Within hours after the incident, the group of investors found the identity of the CEO of MapleChange to be Glad Poenaru, a service technician at American Piledriving Equipment, whose location matched that of MapleChange.

    His name is Glad Poenaru. Glad Poenaru's location matches with https://t.co/hecIHyNUHW's location.
    Thanks to some members from the $LMO telegram. $CCX #Maplechange #scam pic.twitter.com/XstZhC0pFd

    — maplechang'ed (@Maplechanged) October 28, 2018

At this time, it remains unclear if Poenaru is wholly responsible for the operation but if he is, Maplechang’ed firmly stated that the group will initiate legal action against the individual.


Binance CEO Calls For Transparency, Cold Wallet Holdings of Exchanges

Changpeng Zhao, the CEO of Binance, the world’s largest crypto exchange which recently expanded to Singapore to operate its second fiat-to-crypto trading platform, called for the ranking of exchanges by amount held in cold wallets, as it is not possible for exchanges to fake holdings in cold wallets.

    Wow, some one should rank exchanges by wallet storage. https://t.co/TffMHOnS1J

    — CZ Binance (@cz_binance) October 28, 2018

Small crypto exchanges often focus on maximizing profitability over security and investor protection. Several exchanges in South Korea were hacked because the trading platforms allocated all of their resources in listing new tokens and building features without establishing necessary infrastructure and security measures to protect user funds.

For security and protection, it is of utmost importance for crypto investors to rely on established, reputable, transparent, and regulated cryptocurrency exchanges that have the capability of protecting user funds and compensate investors in an unfortunate event of a security breach.


Source: https://cryptoslate.com/minor-crypto-exchange-pulls-off-exit-scam-steals-all-user-funds/

[1714678359]

1714678359

[1714678359]

1714678359

[1714678359]

1714678359

[1714678359]

1714678359

[1714678359]

1714678359

[Rahar02]

A negative side of an exchange with all of the suspicious behavior. Once again, an exchange is not a place to keep funds or coins for a long time, just assume we don't have anything before withdraw. Propel should aware of such things, especially when dealing with the small unregulated exchange.
MapleChange had announced on twitter that they have no more funds to pay anyone back.” Seems like they put all of the coins in hot wallet, lol. If Maplechange have planned exit scam, they may have fled abroad.

[Kemarit]

LOL, Even their ANN thread was put into Archival Section ,(https://bitcointalk.org/index.php?topic=4366622.0) last edited Oct 29. I don't know if someone has archived it though, But it looks like they're trying to disappear in the face of the Earth. . Well they're totally wrong, because the supposed to be CEO has a name so sooner or later he can't go out of Canada or move somewhere else. Exchanges should really look at how the Japanese attitudes towards compensating their customers, take for example, Zaif, (https://www.ccn.com/crypto-exchange-zaif-reveals-customer-compensation-plan-after-60-million-hack/)

[Kakmakr]

This is why we should not rely on any centralized entity to store our bitcoin or cash. The solution is not even to use decentralized exchanges, because they are even worst. If you do not know the corporate structure of the people running the service and if you cannot verify if they are actually running the business, then you should not dump a lot of money onto that service.

Brian Armstrong will not be able to cut and run with a exit scam, because everyone knows he is linked to Coinbase. Why would you use a service, if you know nothing about their corporate structure?

[snipie]

Better to use a trusted exchange with known staff members or at least having real names and locations.
This exchange is scamming users, or else why would it shut down every possible contact with it?
The "hack" story will never end apparently.

[shamc]

Never heard of this maple exchange, I bet they aren't even Canadian but just used a Canadian host and virtual office. Stick to reputable exchanges, and keep the majority of your coins safe

[darkangel11]

It's not going to be difficult to find him since he has his face all over the Internet.
https://medium.com/@gladpoenaru
He's not a smart criminal. What was once in the Internet is almost impossible to erase and such childish attempts to delete the site and staff profiles won't make him disappear.

At this time, it remains unclear if Poenaru is wholly responsible for the operation but if he is, Maplechang’ed firmly stated that the group will initiate legal action against the individual.

If he's not responsible for the hack he surely is responsible for trying to cover up and avoid responsibility. The site was and social media accounts belonged to him.

[Betwrong]

It's probably a good idea to rank exchanges by amount held in cold wallets, like Changpeng Zhao, the CEO of Binance, proposed. If people were using only those exchanges with enough money in cold wallets to cope with any hack there would be no such problems. Users would never suffer from "hacks", which in most cases are just vulgar stealing performed by someone from the staff, and all the troubles associated with theft would be internal matters.

[BitHodler]

The "hack" story will never end apparently.

Of course not. It's too easy to blame hackers for theft with how ignorant most authorities are when it comes to proper blockchain analysis. It may sound harsh, but this is the risk that comes with using exchanges like this.

Collateral damage it is called.

Users would never suffer from "hacks", which in most cases are just vulgar stealing performed by someone from the staff, and all the troubles associated with theft would be internal matters.

Correct. People here tend to forget that most of the operators running these smaller exchanges aren't used to deal with so much easy to access value. It results in situations where they get tempted to run off with user funds.

They have no clue about how they can make more money in the long term by running their exchange in a fair manner. All they care about is that they want a lot money as fast as possible. It's retarded.

[stompix]

It's not going to be difficult to find him since he has his face all over the Internet.
https://medium.com/@gladpoenaru
He's not a smart criminal. What was once in the Internet is almost impossible to erase and such childish attempts to delete the site and staff profiles won't make him disappear.

Hmm, I thought the name sounds strange, seems to be a Romanian name, as a lot of people from Romania with this family name come up in a facebook search. Was he even Canadian or actually living in Canada in the first place?

LOL, Even their ANN thread was put into Archival Section ,(https://bitcointalk.org/index.php?topic=4366622.0) last edited Oct 29.

Somebody calls him Flavius there, again a name used in Romania and he has made at least a translation in Romanian:
https://bitcointalk.org/index.php?topic=3146491.msg32530414#msg32530414
Linkedin page is gone also.


Anyhow quite the twist, just yesterday I was reading this:
Hacked Canadian Bitcoin Exchange MapleChange Returns to Twitter, Opens Refund Chat Room
https://finance.yahoo.com/news/hacked-canadian-bitcoin-exchange-maplechange-211556479.html

[buwaytress]

Better to use a trusted exchange with known staff members or at least having real names and locations.
This exchange is scamming users, or else why would it shut down every possible contact with it?
The "hack" story will never end apparently.

Trust me (heh). All the licensing, all the recognisable and known staff members, all the real names and locations won't stop neither hacks nor exit scams, should they happen. Ask Mt Gox users, who trusted everything in it and its owners. Ask people who've been scammed on this forum, by trusted and legendary members. I of course risk my coins with trusted people, for some opportunities, but I'd never give everything I owned to anyone, not the Pope, not even God. Because shit happens when shit happens, and you've got no recourse if you don't control your coin.

[hatshepsut93]

A negative side of an exchange with all of the suspicious behavior. Once again, an exchange is not a place to keep funds or coins for a long time, just assume we don't have anything before withdraw. Propel should aware of such things, especially when dealing with the small unregulated exchange.
MapleChange had announced on twitter that they have no more funds to pay anyone back.” Seems like they put all of the coins in hot wallet, lol. If Maplechange have planned exit scam, they may have fled abroad.

It's not as simple as that, usually those who hold big sums on exchanges are traders, they hold money on orders and thus provide liquidity. If no one kept their coins on exchange, we would have far greater volatility and maybe even far lower price. This is why decentralized exchanges are important - they can solve the problem with security and centralization of the market.

[1BTC EQUALS 1CAR]

I knew that my decision was right on not trusting small time exchanges. They are always have the highest risk on claiming that they got hacked. It's very easy for them to do that unlike big exchanges that has a lot of prominent investors that will hunt them down and that's what keep the exchange to be reliable and implement tighter security.

[milewilda]

Im not really closing the doors on using up new exchange but we should really be careful on selecting which one would be used having a known team behind and dont sees any shady stuff
but most of the time with just basing or using up our own common sense will tell us on what we should gonna use. Always opt in on using olders and reputable exchangers rather than on
non so popular small volume exchangers because tendency of hacking incident would be there either fully accident or just a classical exit scam. This cycle would continue on eternity.

[veleten]

the good old hack story , I thought the times when the sites would just close
citing a hacker's attack or DDOS and run with the user's money are gone, seems  like the answer is a no
small exchanges ,usually, cannot afford good security , its true , but in this case it sounds like an exit scam indeed
they won't be able to refund their customers anyway since even if they somehow , magically reopen, you would have to be a retard to
trust your money to them again, so yeah stay away from small exchanges and do not trust the big ones either
its a pain in the neck to withdraw your funds back and forth, but its better than to lose them all one beautiful day

[Kemarit]

For those who wanted to see the post-mortem:

https://pastebin.com/PZD3Qb35

They used a open source called Peatio. (https://github.com/peatio/peatio). But it seems the hacker knows how to exploit a bug on the application itself.

The method `unlock_and_sub_funds` has proper conditionals, immediately raising exceptions if the sub amount goes below the balance of the user. In this case, even if the malformed/exploited order did get processed, it would stop here, properly throwing an error in our logs and allowing us to properly investigate. However, the perpetuators knew exactly how this code would run, and as a result abused it using a series of accounts, as you notice in order.rb (https://github.com/peatio/peatio/blob/6fe7e960a12c40053370cb25cdd0968b67041aa0/app/models/order.rb), the call `strike` both calls `hold_account.unlock_and_sub_funds` (removing funds from one account) and adding it onto `expect_account`. If properly executed, this exploit could continue to subtract funds from one account and add onto the other one with no limitations. This is primarily the cause of the bug.
 
In our version of the code, we have noticed something strikingly bizarre. The conditionals in `account.rb`'s `unlock_and_sub_funds` were completely commented out. Considering our code is base off of Graviex, this is by far the best proof we can provide, the code hasn't been touched for months and we have done little to no work on the ordering system -> https://github.com/gravio-net/graviex/blob/master/app/models/account.rb (line 82).

This is another lessons learned for other exchanges to do some internal audit specially if they are using open-source. They already admitted that they're not refunding any BTC or LTC so its another lost for our crypto traders here.

[stompix]

For those who wanted to see the post-mortem:

https://pastebin.com/PZD3Qb35

They used a open source called Peatio. (https://github.com/peatio/peatio). But it seems the hacker knows how to exploit a bug on the application itself.

~

This is another lessons learned for other exchanges to do some internal audit specially if they are using open-source. They already admitted that they're not refunding any BTC or LTC so its another lost for our crypto traders here.

This doesn't eliminate the possibility of an exit hack.
They've could have done this themselves knowing the exploit and blame it on some "hacker".

Unfortunately, I can see a new trend growing here, small exchanges doing some upgrades they now are faulty without bug fixes and then hacking themselves exactly at the right time.

I don't buy this hacker story, when you get hacked you don't start deleting LinkedIn profiles and bitcointalk posts, it's pretty clear that for a moment at least they've tried to run away and erase all traces, probably they've decided against it once they've realized they left behind too much info and tracking them would be a piece of cake.

[Betwrong]

~
Unfortunately, I can see a new trend growing here, small exchanges doing some upgrades they now are faulty without bug fixes and then hacking themselves exactly at the right time.

I don't buy this hacker story, when you get hacked you don't start deleting LinkedIn profiles and bitcointalk posts, it's pretty clear that for a moment at least they've tried to run away and erase all traces, probably they've decided against it once they've realized they left behind too much info and tracking them would be a piece of cake.

Me neither. If people lost their money because of their trust in your product, MapleChange exchange in this case, you should be open to the fullest with them. You should spend all of your time replying to the victims, cooperating with them in order to find the hackers together etc. You should report the hack to the police and keep your clients updated every day on the course of the investigation. It looks like these guys were trying to do exactly the opposite. But they will hardly succeed in evading responsibility for their actions.

Here's the link to maybe a bit controversial but still a good detective work on the subject:

https://steemit.com/cryptocurrency/@thinkexclamation/maplechange-a-tale-of-theft-by-two-romanian-brothers

[gentlemand]

Where do people find exchanges like this? Why do they choose to trust them?

I could understand someone dabbling with a totally unknown quantity in 2011 when everything was crap. In this day and age it makes no sense

[stompix]

Where do people find exchanges like this? Why do they choose to trust them?

I could understand someone dabbling with a totally unknown quantity in 2011 when everything was crap. In this day and age it makes no sense

I was asking myself the same about websites selling miners back in the December boom, how do people manage to find those websites nobody has ever heard of them, just a few days after they've registered the domain and trust them with money.

In the case of exchanges, I have a theory as I've seen how some new ones are fishing for clients
-open the exchange, add the well-known pairs, inflate the volume by trading between your own bots so people won't say your website is deserted
- start adding pairs of shady tokens that have never hit another exchange and make sure to advertise this on their ann thread
- launch by yourself a few tokens that will only be tradable on your exchange in the first place
- at this point, you have gathered enough customers to make it like look like a real exchange, wait patiently till the clients start leaving real coins like btc or eth on it...
- get hacked