Abstract : The cold wallet of CoinTiger exchange was stolen, and the proton chain of 400 million PTTs was missing, which made investors suffer huge losses. After the incident, the exchange and the project side launched a number of rounds of announcements, which formed a confrontation, but CoinTiger did not come up with a valid compensation plan. Instead, it closed the PTT coin-return function (the coin channel was still open).
On August 21st, the Proton Chain (PTT) official website issued a comprehensive warning statement on the CoinTiger exchange regarding the recent theft of PTT, and launched a comprehensive risk warning to the CoinTiger exchange. The announcement stated that PTT holders and supporters are strongly reminded that any PTT-related recharges and transactions on the CoinTiger exchange are extremely risky.
Why can a cold wallet be stolen? Why does CoinTiger not directly suspend trading to make a loss after being stolen, but to close the PTT coin function? Does the exchange have sufficient PTT to pay? A series of questions have yet to be resolved. ChainDD finds out that hundreds of PTT investors have spontaneously organized rights groups and denounced CoinTiger. After contacting a number of investors and project sides, ChainDD tried to break the unclear "cold wallet theft".
The 400 million PTT "stolen coins" happened suddenly
On August 17, the CoinTiger exchange suddenly released an announcement. According to the announcement, they recently found that the cold wallet storing PTT was hacked during the regular cold wallet verification check, resulting in theft of the wallet [401,981,748] PTT.
Perhaps due to the early disclosure of the news, the PTT secondary market suffered a strong turbulence. On the 16th and 17th of August, the Pint/USDT trade on the CoinTiger exchange underwent a sharp drop. On the 16th, PTT reported a maximum of 0.0046 US dollars, with the lowest reporting 0.000041 US dollars. The biggest drop in a single day was close to 100%, and it once fell more than 70% on the 17th.
PTT/USDT transaction price; time: August 26, 2019 08:12; source: CoinTiger Exchange
According to the CoinTiger exchange announcement, they have tracked the hacker's final wallet address. Since the PTT contract has the right to lock a specific address, CoinTiger locks the PTT at that address at 4 pm on August 16 after communicating with the PTT project side. As of press time, there were [280,269,180] PTT in the address that hacker used to store the PTT
In other words, of the 200 million PTT stolen incidents, 120 million went to the market and another 280 million were controlled.
Since then, CoinTiger said that it has repurchased in the secondary market and would “pay the bill” to make up for the 120 million PTT losses of the position users, and propose a “map new currency” plan for the PTT project side, suggesting that the PTT project side upgrade the contract and map the locked 280 million PTT assets to the new currency according to the user's position.
However, the plan for contract upgrade was directly rejected by the PTT project side. They responded to CoinTiger, "The contract has no problems and has been closely audited. The PTT incident has nothing to do with the contract, so please do not be influenced by the logic proposed by the CoinTiger exchange that 'requiring contract upgrade to avoid the piracy’”.
CoinTiger and the PTT project sides were in a stalemate. CoinTiger chose to close the PTT coin-operating function (the coin channel is still open), and even the PTT market maker's coin-receiving function and trading function were closed.
The PTT project side pointed out on its official Twitter on the 19th, "CoinTiger closed the coin withdraw function of the PTT because they did not have enough PTT to the user."
As for why the account of the market maker is also "posted", PTT internal insider Geng Bo told to ChainDD that CoinTiger is afraid that PTT market makers will withdraw funds and affect the secondary market.
At present, PTT has been opened for trading on six cryptocurrency exchanges such as CoinTiger, Matcha and BCEX. CoinTiger was once the largest trading platform for PTT in the early days. But after this sudden sell-off, PTT's price on the CoinTiger exchange is "disappearing."
According to the morning quotation on August 26, the price of PTT in the Matcha, BCEX and other exchanges fluctuated around 0.0032 US dollars, while the price of PTT on CoinTiger has dropped to 0.0015 US dollars, with a price difference of more than 2 times.
PTT was stolen as early as July 1. Why does the exchange keep it secret?
According to the hacker address provided by the CoinTiger exchange, the 400 million PTT was sneaked away by hackers as early as July 1, and it was not until August 17 that CoinTiger officially disclosed the incident to the outside world. According to the dictation of a number of PTT investors, it can be known that the theft of PTT has had a clue, but CoinTiger has not said.
Geng Bo told to ChainDD, “There were users who reported that there was a change in the currency address of the exchange. We thought it was ordinary action taken by the inside of the exchange so we didn’t care too much about it.”
Chen Dan is a user who holds PTT. According to Chen Dan's description, every time he applied for PTT, he had to seek customer service, but by August 14, the situation began to get worse. The submitted work order has been in an "unaudited" status. When asking the customer service, they let him continue to wait with a reason of "wallet maintenance". On the 15th and 16th, the customer service directly suggested that Chen Dan replace the PTT with other currencies.
Another holder of the currency also revealed that CoinTiger began to restrict the withdrawal of coins on August 14th. Although the function of withdrawing coins has not been closed, the review has been stopped.
As more and more community users began to reflect such problems, Geng Bo realized there were some problems with the situation. "I asked the technology department to check and found that CoinTiger's wallet address should be within the top five of our total currency. But suddenly I can't see it." Subsequently, Geng Bo contacted CoinTiger and was told that the cold wallet was stolen and 400 million PTTs were missing.
According to the chain transfer record, the hacker transferred the money to the BCEX exchange (one of the official trading platforms of PTT) after stealing 400 million PTTs. Perhaps it was difficult to swallow huge amounts of PTT funds due to the transaction volume and depth of BCEX, so the hacker transferred the 280 million PTT batches to their wallet address. The money was later frozen by the exchange by locking the contract.
Stolen fund flow chart
The proton chain has a total issued 10 billion PTT, and the current market circulation is 5.5 billion PTT, with a circulation rate of 55%. According to the top ten positions of PTT, it can be found that the number of positions held on the Matcha Exchange is 3.575 billion PTT, accounting for 35.75%, which is the largest circulation. The BCEX position is 208 million, accounting for 2.08%, which is lower than the 400 million stolen by hackers.
However, this matter is far more complicated than imagined.
According to the July 1 transfer record provided by PeckShield, on the day of PTT theft, other ERC20 tokens were “stolen”, including REP, BETHER, OLE, YEE, etc. Apart from PTT, the incident has covered $69,700. “A lot of tokens were immediately transferred to the exchange, just because the value was not as high as PTT, so the exchange was internally digested,” said a security company’s professional.
Accountability of exchange and project side is deadlocked, PTT investors maybe become the biggest loser
The biggest dispute between CoinTiger and the PTT project is "how to pay and who will pay."
For CoinTiger, the stolen 120 million PTTs were in the market due to their own faults and required “rigid claims”. CoinTiger also came up with a plan to “repurchase PTT”.
However, CoinTiger did not give a clear and specific repurchase plan and redemption channel for this program. While the latest information stayed a week ago, CoinTiger said it had bought 47 million PTTs before August 17. But as of August 24, CoinTiger's PTT hot wallet has only 37,155,800 PTT remaining, far below 120 million.
For the locked 280 million, CoinTiger directly asked the project side to upgrade the contract, hoping to create a new currency, and then map the 2.8 PTT that had been frozen to the new currency.
In a follow-up announcement, CoinTiger said, “Locking the hacker address and freezing 280 million PTT stolen assets indicates that this part of the 'stolen’ asset has been 'picked up', which should be 'returned to the original owner' (returned to the exchange). However, now the PTT project side refuses to upgrade the contract and maps this part of the stolen assets to the exchange. This is the same as the practice of not returning the property to the owner, which not only encourages the arrogance of the thief, but also brings the suspicion of 'invasion of crime', because the project side has the power to lock assets, as well as the power to thaw assets."
However, the project side cannot accept such a solution. "The cost of the upgrade contract is so big that we can't accept it." Geng Bo pointed out that if you want to upgrade the contract, PTT should close all the exchanges and withdrawals of the exchange, and all users should bear the cost.
CoinTiger's statement in the announcement was seen by investors and the project side as confusing. Geng Bo said that the frozen funds need to be determined to be vested before the project can cooperate. He pointed out that CoinTiger needs to publish the details of the theft, as well as a complete list of data for all the money-holding users and the total amount of money held by the holders. Otherwise, if the project side is suddenly required to do the mapping, it means using 280 million to make up the hole of 400 million, which can not complete the rigid redemption of everyone.
"If the currency is stolen, it will be mapped. The exchange has made a mistake. Why should the project side and the currency holder pay for it?" PTT holder Wang Jiangyuan said that this is simply nonsense.
In this hacking incident that occurred two months ago and only disclosed now, clearing the responsibility side has become the key to solving the problem. But in subsequent processing, PTT holders were the biggest victims, and they were “trapped” on the CoinTiger exchange. Before the disclosure of the stolen coin incident, CoinTiger suspended the user's withdrawal of coins, but the price of PTT on CoinTiger was gradually lower. Users watched the gap between CoinTiger and other exchanges getting bigger and bigger, but they could do nothing.
Wang Jiangyuan bluntly said that the exchange can find a way to recover 280 million PTT stolen assets, but it is not the reason to stop users from raising coins. It is irresponsible to treat customers as chips. "After the project side mapping, we will open the withdrawal. We have already lost money. Do you want me to suffer from further loss? " said Wang Jiangyuan.
Rare "exchange cold wallet stolen" case
Coin stolen incidents of encrypting digital currency exchanges usually happen in hot wallet assets, but it rarely happens in cold wallets.
In the case of CoinTiger’s theft, the hacker attacked the cold wallet. A security company's professionals revealed that in theory, a cold wallet would not be hacked. He told to ChainDD, "If you lock the private key into the safe, the ordinary person seems almost impossible to steal it, but if the thief is diving into your house and opening the safe, do you believe it or not?"
The founder of a cryptocurrency exchange believes that the possibility of "inner ghosts" is not ruled out. In response to this detail, some media tried to contact the main person in charge of the CoinTiger exchange, and there was no response from the exchange as of press time. CoinTiger has not disclosed specific explanations and clarifications in the publicly available information.
In this incident, CoinTiger exchange covered the facts of stealing money and disregarded the interests of users and project sides, which made Geng Bo very angry. He said, “We have been working on the project for a year and a half, and we have been advancing the project step by step. However, this incident makes us very tired, we have not trusted CoinTiger any more."
ChainDD will continue to follow up on the progress of this incident. (This article is exclusively published on ChainDD APP. At the request of the respondents, Geng Bo, Chen Dan and Wang Jiangyuan are all pseudonyms)