The largest existing exchange for altcoins, Mintpal, has put up a notice on their support page alerting all Mintpal customers that they have been attacked. They stated that the target of this attack was the exchange’s stock of VeriCoins.
VeriCoin is a “Proof-of-Stake Verified. Proof-of-Work Distributed. Network-Stake-Dependent Interest” crypto-currency that boasts a minimum stake time of 8 hours, with no maximum stake time or amount.
Mintpal made a point of saying that their security was indeed breached, but that VeriCoin was the only thing taken from the exchange’s possession. While a substantial amount of VeriCoins were lost in this security breach—although Mintpal has not said specifically how many were lost—VeriCoin and the VeriCoin network was not compromised and did not suffer from any damage as far as security and infrastructure are concerned. Mintpal stated that they have been working diligently ever since the attack to secure both the exchange itself and the withdrawal process of the exchange so that another attack such as this one does not happen again. No other crypto-currencies were stolen in this attack, and the exchange is currently processing withdrawals for all other crypto-coins.
Furthermore, serving as a breath of optimism in the aftermath of the attack, the Mintpal team, the VeriCoin developers, and all other major altcoin exchanges are working to create a hard fork in VeriCoin’s blockchain, starting at a point before the attack. If this hard fork is successful, Mintpal will be able to retrieve all of the stolen VeriCoins and process all VeriCoin withdrawal orders. The Mintpal team also mentioned in their announcement that they will be working to reimburse the losses that any exchange suffers as a result of the fork.
Customers can expect the Mintpal support lines to be clogged up and busy in the next few days, as they will be dealing with the fallout from this attack. The team has asked for customers to have patience with them in the coming days, as they will be working at full steam to straighten out any problems arising from the attack while also improving their security to avoid another security breach.
So, while this event has uncovered a flaw in Mintpal’s security, and while many VeriCoins were lost in the breach, Mintpal and the VeriCoin development team assures the exchange customers and VeriCoin users that they are doing everything they can to return the stolen coins, restart the exchange’s VeriCoin withdrawal process, and improve the security of the exchange.
Mintpal is the single largest altcoin exchange in existence at the present moment, having two or three times the amount of activity as Cryptsy, another altcoin exchange that offers a variety of crypto-currencies, including VeriCoin and Bitcoin. Apparently, Mintpal has not been using cold storage to safely hold their funds that are not being actively used in transactions, since the attacker(s) were able access the exchange’s stock of VeriCoin—and would presumably be able to access the rest of the exchange’s crypto-currencies if they desired to. This event surely will inspire Mintpal, as well as any other exchanges that are not using it, to start utilizing cold storage in order to keep their funds safe from future attacks.
Coin Brief will continue to follow this story and will provide updates on any developments that are released by Mintpal and the VeriCoin development team.
Here is the Mintpal announcement in its entirety:
[box type=”shadow” align=”aligncenter” ]Please read the entirety of this post.
A few hours ago we were unfortunately the subject of a successful attack against the exchange. Our investigations have shown that whilst our security was breached, VeriCoin was the target. We would like to stress that VeriCoin and the VeriCoin network has not been in any way compromised. We have worked to secure the exchange and the withdraw process from any further attack.
As it stands at the moment the following applies:
1) We lost a considerable amount of VeriCoin in the attack, however we have been working with the VRC developers and all major exchanges to hard fork the coin at a position before the attack. This will allow us to retrieve the stolen coins and facilitate all withdrawals. We are also working with various exchanges to accommodate any losses they may encouter as a result of the required fork.
2) We are currently processing withdrawals for all other coins.
As I’m sure you will appreciate, our support channels will most likely be very busy over the coming hours/days so please bear with us.
We would like to personally extend our thanks to the VeriCoin developers and the other exchanges who have pulled out all of the stops to ensure that your VRC funds are safe.[/box]
i’m one of the victim
Having so much Vericoin in an exchange just proves how insecure they were, their decision for a rollback also left merchants hanging.
You cant only blame the exchange.
huh, realy money is unsafe – easy to steal. Seems that crypto no big difference