DragonEx, a crypto exchange based in Singapore, said on Tuesday that its platform has been hacked and an undisclosed amount of user funds was lost.
In its official Telegram account, the DragonEx team said that the exchange was hacked on March 24 and it alerted the authorities in Estonia, Thailand, Singapore, and Hong Kong.
The team said:
Several Judicial administrations were informed about this cyber crime case including Estonia, Thailand, Singapore, HongKong etc. and we’re assisting policemen to do investigation. All platform services will be closed and the accurate assets loss recovery situation will be announced in a week. For the loss caused to our users, DragonEx will take the responsibility no matter what.
According to Joanne Long, an administrator of the official Telegram account of DragonEx, the team has been able to identify the stolen funds from the exchange.
Fortunately, some of the funds were sent to Know Your Customer (KYC)-enabled and strictly regulated exchanges like Bittrex, based on the statement of Long.
If the funds are stored on a Bittrex wallet and the DragonEx undergoes appropriate steps to alert Bittrex and request help from the exchange, there exists a strong possibility that some of the wallets containing stolen funds will be frozen.
The exchange has identified other addresses used by the hackers to move the stolen funds from the exchange and the company told its investors that it is cooperating with other exchanges to recover the funds of users.
The company has said that it will take full responsibility for the theft of user funds and will continue to collaborate with the authorities and other exchanges until all users are compensated.
It may not be possible to recoup all of the funds lost during the attack as hackers may have tried to send funds to different exchanges and wallets with the intent of holding onto the funds for an extended period of time.
A previous study found that some hacking groups targeting cryptocurrency exchanges held onto stolen funds for over a year to move the money without alarming exchanges.
A potential issue in the process of recovering user funds could be the loss of company funds alongside the funds of users.
In an update, the DragonEx team said:
We have encountered attacks from hackers and our users’ crypto assets and DragonEx’s crypto assets are both stolen. International Policemen are investigating. Please wait for following announcement about the accurate loss situation.
If a significant portion of corporate funds has been lost during the hacking attack, which still remains uncertain, the exchange may not be in the position to refund users immediately after the investigation comes to an end.
More importantly, if the funds of the exchange were stolen as said by the DragonEx team, it raises the question on the extent of which secure cold storage systems were utilized to protect the holdings of both the exchange and users.
One similarity in most cryptocurrency exchange security breaches and hacking attacks is the lack of robust cold storage systems.
Exchanges that have never been hacked since their inception including Coinbase, Binance, Kraken, Gemini, and others are said to be storing most of their funds in cold storage, which refers to an offline cryptocurrency wallet that cannot be compromised by hackers.
Although the type of infrastructure DragonEx integrated to store and secure user funds remains unclear, the company has said that it is committed in recouping user funds and prioritizing the reimbursement process.