QUADRIGA INITIATIVE
CRYPTO WATCHDOG & FRAUD RECOVERY PLATFORM
A COMMUNITY-BASED, NOT-FOR-PROFIT
$43 000 USD
AUGUST 2012
ITALY
KRONOS
DESCRIPTION OF EVENTS
"Kronos.io, a Bitcoinica-esque startup, was hacked in an event shrouded in mystery even today. Led by Jonathon Ryan Owens, who was simultaneously running other new startups on GLBSE (an upstart Bitcoin “stock exchange”), Kronos.io hired several well-known Bitcoin personalities to do work with HTML and coding. One of these was Alberto Armandi, who was related to Bitscalper, a scam earlier that year.[36] Alberto Armandi reportedly hacked into the website he himself helped code. The vulnerability was in the withdrawal script that Alberto coded, reportedly intentionally as a backdoor.[36] Although incredible, Armandi has also released a story denying he hacked the website. Instead, he blamed the theft on Jonathon Ryan Owens intentionally pocketing the majority of the funds with only 1000 BTC being stolen by an unknown hacker.[37]"
It looks like one of the developers deliberately made the withdrawal wallets hackable so that they could withdraw the entirety of the funds. The rest of the team had incredibly weak or no insight into security.
HOW COULD THIS HAVE BEEN PREVENTED?
The storage of all cryptocurrency in a proper offline multi-signature wallet prevents theft by any individual party, since such a party would need the approval or breach of multiple other members of the team to spend the funds. Given operators properly educated in the protection of funds, such an attack would be entirely limited to the balance in the hot wallets in the worst case. Stronger education for exchange operators can also help ensure that they are aware of the risks.
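The following is an added example, not code from the original page or from any exchange: a 2-of-3 approval check for cold-wallet withdrawals, showing that one key holder acting alone (even signing twice) cannot release funds, and that approvals are bound to the exact destination and amount. Lamport one-time hash signatures stand in for the ECDSA signatures a Bitcoin multi-signature wallet uses, so that it runs on the Python standard library; the approver names, address and amount are constructed.

```python
import hashlib, json, secrets

def H(b): return hashlib.sha256(b).digest()

def keygen():
    # Lamport one-time key pair: 256 pairs of secrets, public key = their hashes.
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    return sk, [(H(a), H(b)) for a, b in sk]

def digest_bits(msg):
    d = int.from_bytes(H(msg), "big")
    return [(d >> i) & 1 for i in range(256)]

def sign(sk, msg):
    # Reveal one secret per digest bit. A key must sign one message only.
    return [sk[i][bit] for i, bit in enumerate(digest_bits(msg))]

def verify(pk, msg, sig):
    b = digest_bits(msg)
    return len(sig) == 256 and all(H(sig[i]) == pk[i][b[i]] for i in range(256))

def canonical(req):
    # Approvers sign the exact destination and amount, so neither can be swapped.
    return json.dumps(req, sort_keys=True, separators=(",", ":")).encode()

def cold_spend_allowed(req, approvals, pubkeys, threshold):
    """approvals: list of (approver, signature). True only if `threshold`
    distinct known approvers each signed this exact request."""
    msg = canonical(req)
    valid = {who for who, sig in approvals
             if who in pubkeys and verify(pubkeys[who], msg, sig)}
    return len(valid) >= threshold

if __name__ == "__main__":
    # Constructed sample: three key holders, 2-of-3 policy, placeholder address.
    keys = {n: keygen() for n in ("dev", "ops", "ceo")}
    pubkeys = {n: pk for n, (sk, pk) in keys.items()}
    req = {"to": "EXAMPLE-ADDRESS", "amount_btc": 10}
    dev_sig = sign(keys["dev"][0], canonical(req))
    ops_sig = sign(keys["ops"][0], canonical(req))
    print(cold_spend_allowed(req, [("dev", dev_sig), ("dev", dev_sig)], pubkeys, 2))  # False
    print(cold_spend_allowed(req, [("dev", dev_sig), ("ops", ops_sig)], pubkeys, 2))  # True
```

The verifier holds only public keys, so the service that checks approvals cannot forge one itself.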
List of Major Bitcoin Heists, Thefts, Hacks, Scams, and Losses [Old] (Jan 27)
Kronos.io questions and properties (Feb 14)
Jonathan Ryan Owens locked Rebate, Zip.A, Alberto & BDT thread (Feb 14)
List of Major Bitcoin Heists, Thefts, Hacks, Scams, and Losses (Feb 14)
