$8 million in TIO goes missing from Trade.io cold storage
There's a master thief out there somewhere.
The funds were kept in industry-recommended cold storage hardware wallets, and those wallets themselves were held in safe deposit boxes in banks. The banks have confirmed that the safe deposit boxes were not breached.
But somehow $8 million in TIO (Trade.io) tokens went missing from the cold storage before emerging on Bancor and KuCoin, it announced.
An inside job?
The first thing that probably comes to most people's minds whenever there's a strange cryptocurrency heist is that it was probably an inside job.
But perhaps not.
Trade.io was quick to contact Bancor and KuCoin to get the TIO frozen once they realised the lucre was being traded, and they're now floating the idea of a hard fork to devalue the 50 million stolen tokens, making it a somewhat pointless heist if they go through with the fork.
"Unfortunately, while this is an extremely strange situation, unfortunately breaches of cold storage is not unprecedented even when following security protocol to a T," Trade.io said. "We use industry recommended cold storage which are maintained in safety deposit boxes in banks, along with all corresponding materials. We have confirmed that the safety deposit boxes were not compromised."
If you rule out an inside job, rule out an outright bank robbery and assume that the "industry recommended" cold storage is the same as that used by many others and is therefore unlikely to have vulnerabilities in itself, you're left with a potential Trade.io token bug or a vulnerability in the liquidity pool contract – the function the coins were stolen from.
Although it's naturally a bit irresponsible to just speculate wildly at this point, it's worth noting that vulnerabilities which allow thefts of various sorts are relatively common, and the ongoing investigation is likely to uncover the vulnerability if this is the case.
But that doesn't explain how the coins were taken from a cold storage wallet.
Trade.io's Jim Preissler ended the announcement on an inspirational note.
"It's obvious that trade.io is now a major focal point of competitors and those attempting to destroy the movement that is on the ground floor, and we guarantee you we will not bow down to their actions. We have the strongest community in crypto and we assure you we will wind up stronger as a result of actions like these and any such attacks in the future," he said.
Needless to say, the notion that a theft of $8 million was motivated by some kind of desire to sabotage a movement, rather than the desire to steal $8 million, is pretty funny.
And given how extremely weird the theft was, and how suspiciously creative the idea of the Trade.io liquidity pool is, it should perhaps come as little surprise if the Trade.io team ends up deciding not to render the stolen tokens worthless, and if they end up reappearing on the market in some form down the line.
Disclosure: At the time of writing, the author holds ETH, IOTA, ICX, VET, XLM, BTC and ADA.
- Bitcoin price hits record $90,000 high: Here’s how it got there
- How to set up a Trezor Model T hardware wallet with Trezor Suite
- Is it too late to invest in Bitcoin?
- Bitcoin’s price inches in on all-time high as experts project an AUD$100k year-end valuation
- Ethereum’s price continues to flirt with all-time high as market cap continues to grow