UPDATE 1: Fxxxx provided a longer log of the chat conversation. A lot of threats were made by CryptoRush towards the Blackcoin developer. Not the best way to talk about things, see for yourself here . It’s understandable the CryptoRush team doesn’t want this part to go around the net, since the threats made by fyrstikken aren’t pretty to say the least.
Another exchange is facing difficult times. CryptoRush has been in the eye of the storm concerning a bug with Blackcoin. Thousands of Blackcoins are reported stolen, leaving many of the customers with empty wallets.
Long patching time
According to a post at Bitcointalk made by Linkandzelda, one of Cryptorush’s founders, there was an unannounced fork that caused many people to upgrade without giving proper notice to everyone. The CryptoRush exchange didn’t find out until seven hours after the upgrade, resulting in considerable losses for a lot of customers. Pretty slow response time for an exchange, which resulted in the following statement:
“For this we apologise about our slow updating to the new version causing many traders potential losses. This is where we announce that BlackCoin was stolen from us by users, caused by a bug in the BlackCoin daemon.”
So what did the bug actually cause? According to Linkandzelda everyone’s user balance was inflated to an extra 22 million coins. We’ve seen that one before, Zeitcoin ring any bell? People’s balances were all wrong with that coin as well, allowing them to withdraw more than they had. “It’s really getting old news for us, and this time the loss was even bigger than Zeitcoin.”, Added Linkandzelda. To illustrate amounts, he added some extra explanation and numbers.
RelatedNews
“Total withdrawn: 20,381,892.41143484
Total deposited: 20,448,517.07003221
Total stake generated: 1,640.08575003
Supposed current site balance: 66,624.65859738
Consolidated reported current site balance (user daemon accounts): 22,052,756.46576266
Actual daemon balance: 68,025.87273473
As you can see, the report showed that every combined users reported balance is over 22 million when our wallet balance is only 68k. At the time we pulled BC offline after the update we had only 53.xx coins on the balance. This is a clear sign of a stake bug, and as you can see by this daemon call it confirms the origins of the bug.
./blackcoind getbalance ”
-22052702.65300247
This is because, as told to us by the developer, a bug where the state generation takes away the amount from the main account while still generating the amounts under the specific daemon accounts. We were working with the developer for a while to resolve the issue, and he did fix the bug in the daemon, making our statistics report correct again.
Total withdrawn: 20,381,892.41143484
Total deposited: 20,448,517.07003221
Total stake generated: 1,640.08575003
Supposed current site balance: 66,624.65859738
Consolidated reported current site balance (user daemon accounts): 66,624.39639811
Actual daemon balance: 68,025.87273473″
Pointing fingers
After confirming this data, Linkandzelda points fingers at the Blackcoin developer. He supposedly admitted there was a bug, but refuses to help them in solving the issue.
“For future reference here is a complete pastebin log of the chat since I joined the channel #bcdevmeeting and my conversation with the developer http://pastebin.com/qW3xRmcL . The log clearly shows him helping us solve the problem and admitting to a bug, but refusing to have any care about how to resolve the situation.”
No real solutions
So what does this mean for CryptoRush and their Blackcoin market? The market is closed until further notice. There is a loss of 1554503.10052230, 121.xx Bitcoins at the time of writing. It was taken by users who exploited the bug, knowing they could withdraw more than they owned. Some users contacted the exchange to tell them they were able to do this.
The whole story is fresh and it’s unclear what the real consequences are going to be. The thread at Bitcointalk links to a pastebin where people can see the whole chat conversation between the Cryptorush admins and the Blackcoin developer. Other than a lot of swearing and threats, there isn’t much to be seen. You can find the full chat log here .
How CryptoRush is going to refund the stolen coins to its users is still unknown, everyone is waiting for an official announcement about that. CCN will obviously keep track of this story and post updates whenever available.
