As CCN.com recently reported, CoinBene has clearly said that no hack has taken place. However, Elementus’ Max Galka believes that a recent, sizable fund movement from CoinBene to several other exchanges is evidence of the opposite. CoinBene wrote in a blog post today:
CoinBene will periodically announce the upgrade and maintenance, and please pay attention to the announcement in time. Please understand that the inconvenience caused during the upgrade and maintenance period. Thank you for your understanding and support!
They tweeted this yesterday:
However, Elementus is a firm dedicated to tracing blockchain movements. They contract with law enforcement, exchanges, and other industry participants to do work very similar to Chainalsysis. Using their Query Engine, they’ve uncovered that at least $105 million in Ethereum and tokens have exited CoinBene.
Galka presents two good reasons to believe that these are not authorized transfers. For one, the funds are being moved largely via “sweeping.” This is where you simply import the private key into a new wallet, enabling you to avoid a transaction fee. Galka writes:
The pattern of transfers between multiple intermediary wallets is not commonly seen among exchanges. It is, however, a common tactic for people who want to cover their tracks — moving the crypto through a series of “sweeping addresses” to make the trail more difficult to follow.
The other factor that raises suspicion is that the funds have quickly been sent to other exchanges, where they were sold. The tokens, for example, were offloaded via EtherDelta, a decentralized exchange whose creator recently agreed to pay a huge fine.
After leaving CoinBene, the tokens were quickly moved into Etherdelta, where they were sold for ETH. A large amount of funds were also moved into centralized Exchanges, including Binance, Huobi and Bittrex. The funds continue to move into exchanges as I write this.
Quick liquidation of proceeds is a major indicator that all is not well. People who withdraw from exchanges don’t immediately take them and sell them at market rate on other exchanges, at least not in these amounts. We’re talking about over 100,000 Ether.
CoinBene has yet to publicly address Elementus’ findings, even with a day of delay. They also haven’t tweeted since yesterday. Perhaps they themselves are only now discovering that something is wrong. Maybe they believed that a period of “maintenance” would help them locate lost funds.
The irony that $70 million of the funds were liquidated via EtherDelta is strong. EtherDelta is a non-custodial exchange, after all, where this type of attack is not even possible. Customers own their funds when trading there, similar to TRX.market or Newdex.io in the Tron and EOS world. The exchange is not intended for fiat conversions, but rather a method of trading Ethereum-based assets.
The basket of coins stolen is wide-ranging. The level of effort required to seize and convert a war chest of “shitcoins” is much greater than the effort involved in stealing something like Bitcoin and offloading it. The total take is $105 million, but only $2 million is in Ether itself. The vast majority of the funds were in the form of Maximine, which has an impressive month.
CoinBene can deny that its apparent hacking. But if that is the case, it needs to explain why so many funds moved from its hot wallets. CCN.com has reached out for comment and will update this article if we receive a response.
Last modified: March 4, 2021 2:43 PM