$43 000 USD

AUGUST 2012

ITALY

KRONOS

DESCRIPTION OF EVENTS

"Kronos.io, a Bitcoinica-esque startup, was hacked in an event shrouded in mystery even today. Led by Jonathon Ryan Owens, who was simultaneously running other new startups on GLBSE (an upstart Bitcoin “stock exchange”), Kronos.io hired several well-known Bitcoin personalities to do work with HTML and coding. One of these was Alberto Armandi, who was related to Bitscalper, a scam earlier that year.[36] Alberto Armandi reportedly hacked into the website he himself helped code. The vulnerability was in the withdrawal script that Alberto coded, reportedly intentionally as a backdoor.[36] Although incredible, Armandi has also released a story denying he hacked the website. Instead, he blamed the theft on Jonathon Ryan Owens intentionally pocketing the majority of the funds with only 1000 BTC being stolen by an unknown hacker.[37]"

It looks like one of the developers deliberately made the withdrawal wallets hackable so that they could withdraw the entirety of the funds. The rest of the team had incredibly weak or no insight into security.

HOW COULD THIS HAVE BEEN PREVENTED?

Storing all cryptocurrency in a proper offline multi-signature wallet prevents theft by any individual party, since that party would need the approval of, or to breach, multiple other members of the team to spend the funds. With operators properly educated in the protection of funds, such an attack would in the worst case be limited entirely to the balance in the hot wallets. Stronger education for exchange operators can also help ensure that they are aware of the risks.
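A minimal model of the control described above, as an added example that is not part of the original page or any exchange's code: cold-storage withdrawals need approvals from a threshold of distinct signers, while the hot wallet is bounded by a cap. The signer names, the 2-of-3 threshold, the cap value and the use of HMAC as a stand-in for public-key signatures are all assumptions made for illustration.

```python
import hashlib
import hmac

# Constructed signer keys; a real deployment keeps each key on a separate
# offline device and uses public-key signatures (HMAC is a stand-in here).
SIGNER_KEYS = {"alice": b"k-alice", "bob": b"k-bob", "carol": b"k-carol"}
THRESHOLD = 2            # approvals required for cold storage (2-of-3)
HOT_WALLET_CAP = 50      # hypothetical hot-wallet balance, in BTC


def request_digest(dest: str, amount: int, nonce: int) -> bytes:
    """Canonical bytes every signer approves: destination, amount, nonce."""
    return hashlib.sha256(f"{dest}|{amount}|{nonce}".encode()).digest()


def approve(signer: str, key: bytes, dest: str, amount: int, nonce: int):
    """One signer's approval, bound to this exact withdrawal request."""
    tag = hmac.new(key, request_digest(dest, amount, nonce), hashlib.sha256)
    return signer, tag.digest()


def valid_signers(approvals, dest: str, amount: int, nonce: int) -> set:
    """Return the distinct enrolled signers whose approval verifies."""
    digest = request_digest(dest, amount, nonce)
    ok = set()
    for signer, tag in approvals:
        key = SIGNER_KEYS.get(signer)
        if key is None:
            continue  # not an enrolled signer: ignored
        expected = hmac.new(key, digest, hashlib.sha256).digest()
        if hmac.compare_digest(expected, tag):
            ok.add(signer)  # a set, so a repeated approval counts once
    return ok


def authorize(wallet: str, approvals, dest: str, amount: int, nonce: int) -> bool:
    """Hot wallet: capped, no approvals. Cold wallet: THRESHOLD signers."""
    if amount <= 0:
        return False
    if wallet == "hot":
        return amount <= HOT_WALLET_CAP
    return len(valid_signers(approvals, dest, amount, nonce)) >= THRESHOLD
```

Because each approval covers the destination and amount, a signature obtained for a small, legitimate withdrawal cannot be reused to authorize a larger one to a different address.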

 


© 2021 Quadriga Initiative. Your use of this site/service accepts the Terms of Use and Privacy Policy. This site is not associated with Ernst & Young, Miller Thompson, or the Official Committee of Affected Users. Hosted in Canada by HosterBox.