Cryptocurrency exchange Trade.io admitted to a security breach on Sunday. The company said that an unknown party has withdrawn over 50 million Trade tokens (TIO) from its cold storage wallets.
The funds are worth over $7.5 million at Monday's TIO trading price. It is unclear how the hack happened.
Cold storage wallets usually take the form of custom USB-based devices containing login information for an account holding cryptocurrency funds.
Trade.io said it stored its cold storage wallet in safety deposit boxes in banks.
"We have confirmed that the safety deposit boxes were not compromised," said Trade.io CEO Jim Preissler.
Nonetheless, the company said that on Sunday, around 08:40 EST, its security team detected a large transaction that originated from one of its accounts associated with its cold storage wallet.
"While the investigation is ongoing, based on Etherscan records, we can confirm that the 50M TIO allocated for the Liquidity Pool being held in cold storage has been withdrawn, and an estimated 1.3M of that had been transferred to both Bancor & Kucoin respectively," Preissler said.
Both the Bancor and Kucoin cryptocurrency exchanges are now aiding Trade.io's investigation. All three have disabled TIO deposits, withdrawals, and trading for the time being.
The stolen funds were Trade.io's backup cryptocurrency, funds the company held in reserve to funnel into its liquidity pool if trading activity peaked at one point or another. The funds belonged to the company, and not to users registered on Trade.io.
Preissler says the company is considering a fork of the TIO token codebase to invalidate the stolen funds, and "[protect] the value of TIO for everyone else."
Trade.io said the theft does not impact its day-to-day trading activity, and the platform will continue to operate as normal.
"It's obvious that trade.io is now a major focal point of competitors and those attempting to destroy the movement that is on the ground floor, and we guarantee you we will not bow down to their actions," Preissler said.
- Hackers steal data of 75,000 users after Healthcare.gov FFE breach
- Tumblr discloses vulnerability but says 'no evidence that this bug was abused'
- Zero-day in popular jQuery plugin actively exploited for at least three years
- Justice Department charges Russian trolls' chief accountant CNET
- Almost half of cyberattacks are directed at SMBs TechRepublic
- Vendors confirm products affected by libssh bug as PoC code pops up on GitHub
- DJI website's 'Get the app on Google Play' directs users elsewhere