Hacker’s inner OS: I obviously can rely on technology, but it depends on the safe!
Editor’s note: This article comes from the strategic cooperation blockchain media “Odaily Planet Daily” (Public ID: o-daily, < a href="https://download.odaily.com/">APP Download)
On August 17, the CoinTiger exchange suddenly released a notice saying that the cold wallet storing PTT was recently hacked, resulting in about 400 million (401,981,748) PTTs being stolen from the wallet.
According to the hacker address provided by the CoinTiger exchange, 400 million PTT was hacked away as early as July 1. After more than 47 days, CoinTiger officially disclosed the matter to project parties and users.
At present, the PTT project party has now locked the 280 million PTT wallet addresses, and another 120 million PTTs have been transferred out of the market by hackers.
According to the data of Matcha Exchange, at 3 pm on August 28, PTT quoted 0.023 RMB, which is worth RMB 2.76 million and RMB 400 million worth of RMB 9.2 million. On the morning of August 29, the price has dropped to 0.013 RMB.
However, the project side and the exchange have not yet reached a consensus on the solution, and the exchange has not yet explained the user’s theft of the cold wallet: Why do you conceal the stolen facts? Why can a cold wallet be stolen? Why limit users to withdraw coins?
The project side has also been speculated by the outside world because of the reluctance to do contract upgrades and SGD mapping…
Users can’t raise coins so far, they can only cut meat, or wait.
Theft of a cold wallet is technically zero
After the CoinTiger announcement, the most astounding thing is why the cold wallet is stolen? At present, the general speculation about the theft of CoinTiger cold wallet is divided into two types, either to guard against self-stealing or the emergence of “inner ghosts” on the exchange.
As we all know, cold wallets are not connected to the Internet and are difficult to be hacked. Most of the stolen incidents on the exchange today are caused by the theft of hot wallets, including 7,000 bitcoins in May this year.
Several security companies asked by the Odaily Planet Daily say that from a technical point of view, the possibility of a cold wallet being stolen is almost zero.
“But if the exchange has to say that the private key has been stolen in the USB stick, or put it in the safe, the hacker has smashed the safe. If this is the case, it is really stolen. Who can still be safely stolen?” An analyst at security firm PeckShield told Odaily Planet Daily.
“The cold wallet was stolen, shouldn’t it be a thief? How did it become a “hacker”? This is the worst time for a hacker to be hacked! The hacker’s heart OS: I obviously can rely on technology, I really have to rely on insurance. Cabinet! “Grozen coin user Xiaomi whispered.
CoinTiger has not announced the details of the theft of cold wallets.
The exchange requires project upgrades to create new currencies
After the incident of the money thief, from August 17th to 24th, the exchange and the project party issued several announcements, and the treatment plan was deadlocked.
For CoinTiger, the stolen 120 million PTTs were in the market due to their own faults and required “hard pay”. CoinTiger also came up with a plan to “repurchase PTT”, but the implementation has not yet been announced.
At the same time, CoinTiger directly asked the project side to upgrade the contract, hoping to create a new currency, and then map the 260 million PTT that had been frozen to the new currency.
“We ask that the return is not to let the project party pay for our mistakes, but to ask the ‘return to the original owner’.”
“Second, regarding the contract upgrade, we may not know that this is a common way for the industry to face contractual loopholes or stolen. They have audited the contract, but now there are 280 million stolen money, no upgrade, the upgrade is the most Good sideAnd no trouble at all. CoinTiger also said that it will bear the cost of contract upgrades. “They don’t upgrade, so how do you deal with this 280 million?” This is the problem they have been avoiding.
But the project side is unacceptable. “The cost of upgrading the contract is too great, and we can’t accept it.” If you want to upgrade the contract, PTT will close all the exchanges and withdrawals of the exchange, and all users need to bear the cost. “The PTT project party said.
If contract upgrades and SGD mapping are carried out, all exchanges and users holding PTT will suspend PTT transactions, which is definitely a considerable blow to PTT, where the currency price is rising.
PeckShield Security analysts believe that the exchange does not have the right to ask the project side to do SGD mapping. “For example, if the Fed issued a billion dollars, a big boss 30 million was stolen, the big boss Very anxious, the people looking for the Fed to discuss, you re-issued a billion sam, and then divide me 30 million, the dollar is invalid. In fact, the technical cost of the new currency mapping is not high, is to upgrade the smart contract. For example, if There are a lot of exchanges on your currency. Because of an exchange problem, you upgraded the contract, and then you have to re-issue a currency and then go to the exchange. Other exchanges do not recognize it as a problem, mainly brand and operational pressure. And if the project owner’s own currency is stolen, the project party can make up for the user in this way, but the problem is that the coin is not related to the project party.”
CoinTiger After the news of the stolen coins was released, according to CoinTiger data, the price of PTT fell by more than 70% on the same day; the price rebounded slightly in the past few days, but it fell by 80% compared with the news.
The gods fight, the user suffers: there is no way to withdraw coins
Who is the most injured in this incident is undoubtedly an ordinary investor.
After the PTT in CoinTiger was stolen, CoinTiger frozen the user’s coin.
According to a PTT investor, there are currently only 37 million PTTs in CoinTiger’s hot wallet, and there is no way to pay PTT investors.
The result of this is that the original users who want to withdraw coins can’t just deal with the locals in the exchange, forming a large selling disk and hitting the price down.
At present, the price of PTT on CoinTiger is gradually lowering. Users are watching the spread between CoinTiger and other exchanges, but they can’t do anything. They are “set” on the CoinTiger exchange.
“If CoinTiger wants to return the user’s PTT, it is reasonable to go to Matcha to receive the goods. It is still very simple to buy 4 billion coins, but only slowly receive the goods on its own platform?” Lao Fei Zhao Fei does not understand CoinTiger The current performance of inaction.
“CoinTiger turned off the user’s coin-removing function, but did not turn off the coin-filling function. Second, CoinTiger also closed our trading function in CoinTiger as a marketer account, which means that the price of PTT on CoinTiger is now CoinTiger is completely controlled by CoinTiger to reduce its repurchase costs in the secondary market,” EPT staff member PDT complained.
Should the project side “return” 280 million PTT?
At this point, the money-raising incident has passed two months. The exchange and the project party have not yet reached a unified opinion on the user compensation problem. According to the Odaily Planet Daily, they learned from the two parties that the dispute between the two parties lies in the project. The issue of the ownership of the 280 million PTT frozen by the party.
CoinTiger insists that the locked 280 million PTT is filled by users to CoinTiger. These coins belong to the user and the PTT project party should “return” the coins to the exchange.
“The exchange has occurred in the currency incident. Logically, these 400 million yuan should be compensated by the exchange. Now we have locked in the 280 million PTT that is not flowing to the market. It is helping the exchange, so it does not exist. We return the coin ‘return’ to the exchange.” Eden told the Odaily Planet Daily.
The PTT project expects the exchange to take responsibility for the 120 million PTT that has already flowed to the market. However, according to the PTT project, CoinTiger has not yet begun to deal with the 120 million PTT claims.
At present, the price of PTT on Matcha is higher than the price on CoinTiger, which may lead to users arbitrage, but I don’t know that CoinTiger does not have the function of coin, and it can only be sold at a low price.
” Our initial appeal to CoinTiger was to stop the PTT transaction, take a snapshot of the user’s position, and have 120 million PTTs that have already entered the market.Perform liquidation. Said Eden.
After the liquidation of the 120 million PTT, we will discuss how the 280 million PTT should be handled. This is our request at the time, but CointTiger has not even dealt with the 120 million PTT claims until now.” Eden continued.
And CoinTiger has always wanted the project side to return the 280 million PTT to them. A CoinTiger insider told the Odaily Planet Daily that “as long as 280 million PTT is returned, we will immediately resume the coin and guarantee the user to withdraw the coin.”
CoinTiger: The project wants to cut us
According to the understanding of the Odaily Planet Daily, CoinTiger has not yet proposed a specific compensation plan because PTT has been on the line at the end of July, and the price of the coin has risen greatly. CoinTiger is not willing to The secondary market repurchased 400 million PTT at a high price, and CoinTiger believes that the project side regards them as the largest amaranth.
CoinTiger insider Amy told Odaily Planet Daily that on July 1st they discovered that PTT was stolen when they were doing wallet financing.
Why didn’t I immediately expose this incident because CoinTiger felt that the result was completely controllable according to the price of PTT at that time. Secondly, because some exchanges on the PTT were not deep enough, there were 70 in the hands of hackers. % of PTT did not flow to the market.
As early as June last year, PTT landed in the secondary market. However, the performance is not good, and the currency price has been at a historical low for a long time. According to CoinTiger data, on July 1st, the price of PTT was around 0.00010-0.00023 USDT. After landing on Matcha on July 29, the ProtonPTT project party (PTT) started a 50% discount, and PTT took a turnaround. . At 9:00 pm on July 29, PTT quoted 0.0029 USDT, which was as high as 1098% compared with the purchase price of 0.00025 USDT.
So according to the price of PTT in early July, CoinTiger’s repurchase cost will not exceed 100,000 US dollars. According to the subsequent currency price, it will require nearly 10 million yuan to repurchase 400 million PTT. “It’s just like the price of the currency has soared, it’s a bit too late to prevent it. 400 million PTT has been hundreds of thousands of things, and now it’s tens of millions of market value,” said Pant’s position user Jiang Nan.
So in the stolen coinDuring this period, CoinTiger blocked the money from the project party and the user. In addition to tracking the address of the hacker and checking the reason for the theft of the cold wallet, did CoinTiger have not done any other remedy?
Amy revealed that on July 1st, the money was stolen. From July 2nd, they had prepared emergency funds to buy PTT. PTT said that CoinTiger’s foundation did not buy low prices as planned. PTT.
In contrast, CoinTiger said that the 120 million PTT has been solved. As for why it is not open yet, Amy explained that because the 120 million PTT can’t meet the demand of all users in the market, there is no way. Handle priority issues for users to withdraw coins.
As for the 280 million locked coins, CoinTiger believes that the PTT project party refused to do the contract upgrade and the new currency mapping because the project party wants CoinTiger to take over the PTT in the secondary market, and the exchange believes that PTT is now at the currency price. The upswing is the early stage of attracting the admission of leeks. If this time, the contract upgrade and SGD mapping will affect the whole process of the project party to attract new leeks.
PTT position user Asheng really can’t sit still, he thinks, “Do you want us to wait so now? In fact, both the exchange and the project parties can ask a trusted third party to handle this incident, now let us users It’s not safe every day.”
References:
August 17th CoinTiger Announcement “CoinTiger Tigers on the PTT Event”;
On August 18th, the PTT project announced “Announcement on the illegal theft of PTT on the CoinTiger exchange (latest progress)”;
August 21, CoinTiger Announces “CoinTiger Tigers’ Further Description of PTT Events (Latest Progress)”;
The PTT project announcement on August 21st, “Comprehensive Warning Statement on the CoinTiger Exchange on the PTT’s recent theft”;
On August 24th, CoinTiger released “A letter from CoinTiger about the handling of the theft of PTT to investors”;
On August 24th, the PTT project party issued a “Second Warning, a comprehensive warning statement on the CoinTiger exchange regarding the recent theft of PTT.”