Date:: October 20th, 2018
Amount Stolen:: $9m-$11m
Tags: CEX Hack, "Inside Job"
Trade.io, a Swiss blockchain company that advertises itself as a “next-generation financial institution”, has been hacked. According to an announcement from the firm, 50 million Trade Tokens (TIO), which is the company’s own cryptocurrency, have been stolen. These are worth approximately $7.5 million at the current price, but closer to $11 million at the time of the hack a few hours ago.
The stolen tokens were intended to be used as a project’s liquidity pool. Therefore, the management performed a fork to get the funds back. Interestingly enough the team stored the wallet itself in a local bank’s deposit safe. And since it was reported that the safe wasn’t compromised the only explanation is that hackers somehow managed to access the wallet details for making the transfers, that normally indicates an ^^“Inside Job”^^
Trade.io states: “We use industry recommended cold storage which are maintained in safety deposit boxes in banks, along with all corresponding materials. We have confirmed that the safety deposit boxes were not compromised.””
- 0x893001aac4ba054ef5f183602bd7883c3542314c is DPRK's 2018-era dust collector
- 0x724012dcfdafa04fc2a345ab9f0cc2a5bf397391 is where stolen Trade.io funds went
- 0x742B115424Ccda93d9228cA9aa56ec2442b94CA9 (a few hops over) is a us v. 280-attributed address (Algo Capital)
- Totally DPRK. Nice. This reveals some new BTC wallets, too:
- 19t8pPEZjAd5Z5smSeM7ogeuPsq2qAeWUg
- 1Jj4Pm1iknT9hunSyVcmdX3wCiaLFmPuQB
- 18XvE2D8gwd13WMsDg6xv5EKjp7GdfJmQ6
- Trade.io Hack - Laundry 0xb478537c7962ec42c1e005682a750a79d86960cf
- Trade.io Hack - Theft / Laundry 0x40f389cba4ee49e67fac6425989b793eeeea1fe1
- Trade.io Hack - Theft 0x5a0fa8561cb1101f67d92d7b333da6c39ba886fe
- Trade.io Hack - Theft 0x436b524ef1b3a09b9c01326be70dd20849a89c46
- Trade.io Hack - Theft 0x724012dcfdafa04fc2a345ab9f0cc2a5bf397391
- Trade.io Hack - Theft 0x10dc90dce9b2d4f4e9654f8387d8415ed2aeac05
- Trade.io Hack - Victim 0xdb724c0be4367db273d261b3d2ee239be45f2350
- Trade.io Hack - Victim 0x58f75ddacffb183a30f69fe58a67a0d0985fce0f
- Trade.io Hack - Laundry - Kucoin 0xe5536a5ea4998c4580c58bc325c175ed577360a7
- https://etherscan.io/token/0x80bc5512561c7f85a3a9508c7df7901b370fa1df?a=0x724012dcfdafa04fc2a345ab9f0cc2a5bf397391
- https://cryptoxdirectory.com/trade.io
- https://zdnet.com/article/trade-io-loses-7-5mil-worth-of-cryptocurrency-in-mysterious-cold-wallet-hack/
- https://quadrigainitiative.com/casestudy/tradeio.php
- Annex 95: Suspected DPRK cyberattacks on cryptocurrency-related companies (2017-2023) investigated by the Panel