Looks like Coinex.pw might have been hacked

The End

As much as everyone hoped that Coinex would make a comeback, the exchange is now gone for good. Erundook aka Vitaly and CaptainFuture have vanished from the face of the Earth.

Rumour has it all valuable coins were dumped on Cryptsy shortly after the site went offline.

Let the below serve as a reminder, a chunk in time where people once again lost crypto because of an insecure site and immature owners. Trust no one in the crypto game.

Unfinal conclusion

Seems Coinex are stopping people withdrawing their coins and yet still accepting deposits. They’ve gone quiet to questions and stopped publicly informing people.

So, due to popular demand, the contents have been reinstated containing Vitaly’s details in hopes he addresses issues over at Coinex publicly once more.

Final update: conclusion

Holy shit. Hell has frozen over. Coinex has indeed returned, although not at full capacity and not with everyone’s coins. An ethical hacking test and security audit will apparently be taking place shortly by NCC Group. We still have no explanation as to what happened or how it happened, and no reassurance it won’t happen again. Hopefully the security audit helps.

Erundook issues an update 28/3/2014

Hi all,

We have managed to gather about 50% of missing funds in bitcoins, we will be buying missing altcoins with them this weekend. After some calculations we came to a conclusion that 50% is a fair number to resume exchange operation and if all the users won’t withdraw their funds right away, we can keep it running using fee incomes to get the second missing part covered with them. We also called several security audit companies to do an audit for coinex. We’re sorry for this to take so long but it should be understandable that recovering a business from this point is really A LOT of work. I am personally a rare guest at forums and other chats since chatting doesn’t really help to get it back to life, it only takes time from getting the actual things done.

Again, I am personally giving my apologies for bad estimates about restoring our services, this is a tough thing to try and estimate time for it as it depends on too many factors, like altcoin markets not being deep enough to buy in a lot of coins missing from our exchange.

Another personal note: as a try to gather more funds, I am selling my GPU farm now which is 24x Radeon HD 7990 and I will be happy to send it anywhere around the world and accept bitcoins as a payment method. Those bitcoins will go to cover the coinex losses, too. You can find a pic of my rigs attached, you can buy the whole rigs or just the cards as you wish.
Pics:
http://cl.ly/UhYY
http://cl.ly/UhXl
http://cl.ly/UgWm
http://cl.ly/UhIU

Also, if anyone wants to donate to help coinex get back to life, here’s the BTC addy to do that:
16Xs3TsZWwoRZnKEXJZh72FUrzWv7VKbn4

Thanks for your patience,
– erundook

Another response from Erundook. Still no answers, but at last, a not-so-vague response from Erundook. The whole situation still feels like a joke, “but we will definitely do it this week” still feels like a lie. A presentation was promised, no such presentation seems to exist yet.

So many remaining questions. No promised presentation. At least talk of a refund figure is finally coming out of Vitaly’s mouth, but still no action has been taken. It has been all talk, no action and nothing to show for it.

Coinex Twitter issues an update 25/3/2014

@ipitythefool87 we’re preparing presentation and a proposal about feature of CoinEx, this takes a bit more time than we initially supposed

— CoinEX.pw (@CoinexPW) March 25, 2014

@ipitythefool87 but we will definitely do it this week

— CoinEX.pw (@CoinexPW) March 25, 2014

This situation is becoming a joke. Empty promises being made by Coinex repeatedly, only a few days left of the week before they need to back up their words or die by the sword.

Erundook issues another update 23/3/2014

CoinEx will start refunding accounts next week. Keep calm & carry on.

Another ambiguous update from Erundook about the Coinex situation. Still no explanation what happened, what coins were stolen, who stole the coins, how they were stolen and if the site will be making a return. This situation is a joke and by no means any reasonable way to handle a theft of potentially hundreds of thousands of dollars.

More importantly, how are the funds being refunded, with what money? The details are scarce on the situation. Maybe Erundook is waiting for his fake passport to arrive so he can flee the country.

If all coins are not returned within 7 days from this date, all of the investigative information obtained on Erundook will be permanently restored and further efforts to get more information on Erundook will be undertaken.

Erundook issues another update 20/3/2014

Another update.

Initial 24h timeframe was a bit too optimistic, we need more time to catch up.
While we’re waiting for an answer from a few investors, we came up to another idea which could bring much more trust into the bitcoin community.

Long story short: an insurance company for Bitcoin-based services.

More will come soon, keep calm & carry on.

Thanks!
– erundook

Looks like Erundook has realised fixing the issues isn’t as easy as it seems. All we have are words at the moment and no more detailed announcement as promised within 24 hours of the previous announcement. Another post has been made on Bitcointalk forums.

Considering Bitcoin is backed by nothing, I find it a little hard to believe any kind of insurance for Bitcoin could work. What about the other coins Coinex.pw allow you to trade, are they insured too? Not everyone owns Bitcoin, a lot of Dogecoin holders use/used Coinex as well.

How about, instead of dreaming up new ways of taking people’s money by making them pay for insurance policies, Erundook and co fix the site issues and give people back their stolen coins? Then, and only after giving everyone back what they’re owed, can they start dreaming up new ponzi schemes to further capitalise on the insecure nature of crypto.

To be honest, even if there was an insurance plan exchanges could take out for their exchanges, it wouldn’t have helped Coinex. If an exchange fails to ensure the site is secure to the best of their abilities and they’ve paid an expert to audit the site and ensure it’s fit for trading, no insurance company would pay out any money to a service like Coinex.pw who failed to even have basic security. What happens if the insurance company gets hacked and they have no Bitcoin to pay out claims?

Erundook issues an update 19/3/2014

Please stop posting FUD about CoinEx, we will issue an announcement within next 24hrs about how we are going to handle the situation.

Long story short: yes, our wallet server got hacked and all funds were withdrawn.

Please read back to the beginning of this thread, we had such a problem before and *returned all the stolen funds from our own pockets*. Before this hack happened, we also had several attacks that lost funds and we silently covered those from our fees.

For those who were stalking me at internets: that’s true, I was trying to hide/delete my accounts. At the very first moment I saw zero balance at our bitcoin wallet I knew this was coming. And it scared the shit out of me. Hope you can understand that.
About me selling bitcoins at localbitcoins.com: that’s true too. I have 33mh/s scrypt gpu mining farm, I have >50% of coinex fees + I get % from cryptostocks share sells. Nothing criminal here again.

So again, please calm down. We are not doing a runner.

The only way I can see to restore this is to sell more shares at cryptostocks to cover the losses *and to hire a professional security audit team to prevent this from happening again*.
Long story short, we’re covering this from our own pockets again.

Thanks
– erundook

Erundook has issued an update here on Bitcointalk. In the post he confirms all coins were stolen and he was trying to delete his online presence because he freaked. He specifically calls out this blog post, which to me appears to signal that he felt like he had no choice but to make a public statement out of fear of what the below information would be used for. I am proud of the fact we potentially stopped a hit-and-run situation here and people will hopefully get all of their coins back.

It’s great after 2 days we got a public response, but at the end of the day is it good enough? Is the problem really resolved? We’ll have to wait and see. This is the second time Coinex has been hacked, will they cover the losses on the subsequent third time they get hacked?

Not to mention the alarming admission that they’ve secretly covered other losses on the site as a result of being hacked, word-for-word: “we also had several attacks that lost funds and we silently covered those from our fees.” It is great they covered those losses, but the fact they haven’t disclosed potentially tens of attacks is alarming and a real insight into how poorly managed (security-wise) Coinex really is.

What is the recourse from all of this? Are people honestly expected to just move on and pretend the hack never happened? All wallets were hacked for a second time, all coins were taken and people are just going to let it slide. In the Bitcointalk thread people are talking of donations and cryptostocks. What will people say when it happens again?

It’s quite clear that Erundook and Coinex are much more concerned with pocketing the fees they collect than they are with paying someone to maintain and secure the site. Security is a hard job, a proper security consultant can run upwards of hundreds of dollars per hour, do people honestly believe Erundook will pay someone anywhere near that to keep the site secure? I don’t know what to believe any more.

My advice would be to trade wisely and carefully, consider alternatives to Coinex as there are mounting piles of evidence it is not being run as a professional business nor being taken seriously. Considering Coinex are trusted with hundreds of thousands of dollars in coins at any given time, the lack of care on their part is disconcerting.

As such, I redacted all information posted on Erundook. I still have it on hand, but if the situation is handled as Erundook says it will be, there is no longer a reason to keep the information public. We wanted an answer and we got one.

Back story

On the 16th of March I posted this blog post which contained some alarming clues as to why the crypto exchange Coinex.pw went down without notice. A vague Tweet was all we had to go on that said “Security issue, investigating” — nobody knew what was going on or what happened. People were seeing their coins moving around; Bitcoin, Dogecoin, Infinitecoin to name a few.

Immediately seeing what was going on, I started investigating.

I discovered Erundook, the lead developer of the site, was trying to erase his presence. His personal Twitter deleted, his Github account with site API documentation also deleted. Through some Google searches and cached pages, going back piece-by-piece, I was able to find out his real name, potentially where he lived, images of him and his location.

Although I was assuming the worst, I was keeping level-headed about it. I did what Erundook and Coinex failed to do: give customers information about what was happening. Even though Coinex had email addresses of all customers, they remained quiet. After what happened with Mt Gox, it would have caused them fewer headaches to just be upfront immediately.

If you use the exchange Coinex.pw it is looking like you might have lost your Bitcoins and/or any other crypto coin you had on the exchange. Not long after Mt Gox went down, it looks like another exchange has potentially bitten the dust.

All we have is a Tweet from Coinex’s Twitter that says, “Security issue, investigating” and that’s it. The site currently says it is in maintenance mode, no other explanation has been given.

See images below in case the site goes completely down and Twitter gets deleted:

Some private investigating seems to indicate Erundook aka Vitaly A. Sorokin has been trying to erase himself from the Internet. I am not confirming the site has been hacked or Erundook is somehow responsible, but it is not looking too good for the site nor the actions that have been taken thus far by the lead developer.

All information below was obtained with ease publicly in the form of Google searches and treating it a bit like a Where’s Wally search. No info was stolen or obtained by any nefarious means, all I did was find a piece of info and work my way backwards like anyone else could with minimal effort.

I will be continuing to update this post when I obtain any new information about the situation and will add/remove info accordingly based on what I discover. If it turns out Erundook is innocent in this situation, all evidence will be removed and a prompt apology will be issued. You can hold me to my word.

The clues so far:

  • Coinex.pw is down (including the API)
  • No explanation as to why other than a vague Tweet
  • Multiple people reporting they’re seeing their Bitcoin coins being split and sent to multiple wallets (following addresses in the blockchain)
  • Erundook has deleted his Twitter: https://twitter.com/erundook
  • He has also deleted his Github account: https://github.com/erundook (this contained the API documentation, etc)
  • User xman89 on Bitcointalk has posted info that he believes shows his Dogecoin on Coinex were sent to another wallet and then sent onwards again to other wallets.

What I’ve found on Erundook: