$8 million in TIO goes missing from Trade.io cold storage

Posted: 23 October 2018 7:07 pm
News
CryptoTheft_Shutterstock450
{"theme":"dark","direction":"horizontal","showArrows":true,"splitTitle":true,"playerOptions":{"captions":true,"popupOnScroll":true,"subscribe":{"title":"Subscribe","url":"https://www.youtube.com/channel/UCKvc0WUB65GCvOTgPVJ9yRA?sub_confirmation=1","visibleOnMain":true,"visibleOnPopup":true}},"active":{"index":0,"start":52,"end":null,"thumb":"https://dvh1deh6tagwk.cloudfront.net/finder-au/wp-uploads/2018/10/Harry-Generic.jpg","thumbAnimation":"kenburns-top-right","heading":{"small":"WATCH","large":"Everything you need to know about stablecoins.
"}},"yt":{"method":"playlistItems","params":{"playlistId":"PLUrt4pAH4g29Uw8QifHtSvvdWuFtDmz6V","type":"video","part":"snippet,id,contentDetails"}},"banner":true}

There's a master thief out there somewhere.

The funds were kept in industry-recommended cold storage hardware wallets, and those wallets themselves were held in safe deposit boxes in banks. The banks have confirmed that the safe deposit boxes were not breached.

But somehow $8 million in TIO (Trade.io) tokens went missing from the cold storage before emerging on Bancor and KuCoin, it announced.



An inside job?

The first thing that probably comes to most people's minds whenever there's a strange cryptocurrency heist is that it was probably an inside job.

But perhaps not.

Trade.io was quick to contact Bancor and KuCoin to get the TIO frozen once they realised the lucre was being traded, and they're now floating the idea of a hard fork to devalue the 50 million stolen tokens, making it a somewhat pointless heist if they go through with the fork.

juicy crypto words

"Unfortunately, while this is an extremely strange situation, unfortunately breaches of cold storage is not unprecedented even when following security protocol to a T," Trade.io said. "We use industry recommended cold storage which are maintained in safety deposit boxes in banks, along with all corresponding materials. We have confirmed that the safety deposit boxes were not compromised."

If you rule out an inside job, rule out an outright bank robbery and assume that the "industry recommended" cold storage is the same as that used by many others and is therefore unlikely to have vulnerabilities in itself, you're left with a potential Trade.io token bug or a vulnerability in the liquidity pool contract – the function the coins were stolen from.

Although it's naturally a bit irresponsible to just speculate wildly at this point, it's worth noting that vulnerabilities which allow thefts of various sorts are relatively common, and the ongoing investigation is likely to uncover the vulnerability if this is the case.

But that doesn't explain how the coins were taken from a cold storage wallet.

Trade.io's Jim Preissler ended the announcement on an inspirational note.

"It's obvious that trade.io is now a major focal point of competitors and those attempting to destroy the movement that is on the ground floor, and we guarantee you we will not bow down to their actions. We have the strongest community in crypto and we assure you we will wind up stronger as a result of actions like these and any such attacks in the future," he said.

Needless to say, the notion that a theft of $8 million was motivated by some kind of desire to sabotage a movement, rather than the desire to steal $8 million, is pretty funny.

And given how extremely weird the theft was, and how suspiciously creative the idea of the Trade.io liquidity pool is, it should perhaps come as little surprise if the Trade.io team ends up deciding not to render the stolen tokens worthless, and if they end up reappearing on the market in some form down the line.


Disclosure: At the time of writing, the author holds ETH, IOTA, ICX, VET, XLM, BTC and ADA.

Disclaimer: This information should not be interpreted as an endorsement of cryptocurrency or any specific provider, service or offering. It is not a recommendation to trade. Cryptocurrencies are speculative, complex and involve significant risks – they are highly volatile and sensitive to secondary activity. Performance is unpredictable and past performance is no guarantee of future performance. Consider your own circumstances, and obtain your own advice, before relying on this information. You should also verify the nature of any product or service (including its legal status and relevant regulatory requirements) and consult the relevant Regulators' websites before making any decision. Finder, or the author, may have holdings in the cryptocurrencies discussed.

Crypto explained

{"theme":"dark","direction":"vertical","showArrows":true,"playerOptions":{"captions":true,"popupOnScroll":true,"subscribe":{"title":"SUBSCRIBE","url":"https://www.youtube.com/c/cryptofinder?sub_confirmation=1","visibleOnMain":true,"visibleOnPopup":true}},"active":{"index":null,"start":0,"end":null,"thumb":"","thumbAnimation":"kenburns-top-right","heading":null},"yt":{"method":"playlistItems","params":{"playlistId":"PLUrt4pAH4g28gehvPkL1VDHlNXR7zksYB"}}}

Latest cryptocurrency news

Picture: Shutterstock

Get into cryptocurrency

Ask an Expert

You are about to post a question on finder.com.au:

  • Do not enter personal information (eg. surname, phone number, bank details) as your question will be made public
  • finder.com.au is a financial comparison and information service, not a bank or product provider
  • We cannot provide you with personal advice or recommendations
  • Your answer might already be waiting – check previous questions below to see if yours has already been asked

Finder only provides general advice and factual information, so consider your own circumstances, or seek advice before you decide to act on our content. By submitting a question, you're accepting our Terms of Use, Disclaimer & Privacy Policy and Privacy & Cookies Policy.
Go to site