$30 000 USD

OCTOBER 2020

CANADA

OCEANEX

DESCRIPTION OF EVENTS

"I’m from a cold place in Canada with a mining and petroleum engineering degree. I have 2 years engineering experience and a lot more in sales and restaurant business." "Bachelors in Resource Engineering (minerals and oil). Private Pilot licensed. Passionate about Football (soccer). Fluent in Arabic and English with basic Spanish."

 

"I have been a Vechain loyalist since Ven days." "I have studied and invested and am near 100% in VeChain." "Went all in V and must say I am much more relaxed and no more looking for the next big thing over there."

 

"I’m usually more careful but I put too much trust in an exchange." "BUY THE FUTURE. The Next Generation Intelligent Digital Asset Exchange Ecosystem." "OceanEx is an AI powered digital asset trading platform, offering professional services to digital asset investors, traders and liquidity providers." "Oh wow I got a whole 264 OCE."

 

"Had a bunch of VTHO on the exchange." "I had a little bit of BTC in there and a ton of VTHO." "The “just” Vtho is worth about 30k right now :/" "I had 2FA enabled and email prompts when logging in." "[M]y account which has 2FA and email verification. 2FA is on a secondary phone which doesn’t go online mind you." "I have 2FA enabled on a phone that is offline. Also no email notification of the login or withdraw."

 

"Funds disappear with no warning from my account." "I log in one day to find it emptied out." "Out of nowhere I got locked out of my account one day trying to login. Online form said that my password was wrong but thats impossible. I have it written down and it hasn’t changed for some time. That shouldn’t be a problem anyway because I have 2FA enabled on a device that doesn’t even connect to the internet. So I go through KYC again to gain access to my account, after it finally was approved I can login again but behold, my account is empty."

 

"I have looked at the history and it shows which address it went to." "I traced the withdrawal to Florida but could be anywhere." "I follow the address on blockchain explorer and it clearly shows that the VTHO was deposited in the OceanEx account after I got locked out."

 

"I didn’t even get a notification that my account was logged in to on the day my funds were withdrawn." "[I d]idn’t get an email the day it was emptied." "Why wasn’t I notified of a login to my account on the day my funds disappeared? Or even a withdrawal confirmation? These emails are regularly sent to me when they happen."

 

"It would be impossible for anyone to login to my account so the funds were clearly moved from within OceanEx, who else would deposit funds into an OceanEx account anyway." "[T]he login in question was very suspicious, a different country, different browser, how did OceanEx allow this if indeed it wasn’t from within." "How could someone gain access to my account without 2FA?"

 

"OceanEx customer support were useless and basically said nothing we can do about it." "After contacting OceanEx about this they said that I should have a strong password and 2FA enabled which in fact I did." "That didn’t get anywhere[. They] claim there[']s nothing they can do." "[I] still have no answers from the exchange OceanEx." "What if it was simply an employee?" "How can I blame anyone but the exchange when there is simply no other explanation in front of me."

 

"Go ahead and solve that one."

 

"2fa can be hacked, especially if your backup authentication code was found." "The reason why your VTHO moved into the Oceanex account is because it moved from deposit hot wallet to exchange hot wallet, that's common practice." "[T]hey probably deleted the login notifications from your email[. C]heck if the old password you were using was part of a breached database you can do so if you google haveibeenpwnd." " "Don’t go near OCE or their exchange if you can." "Don’t keep funds on OceanEx." "Avoid them, lost funds there with no help." "Yeh be careful with them, I’m never going back there." "Warning from someone who lost there." "OceanEx robbed me." "They burned me hard with unexplained theft from my wallet." "[B]e careful with them, I’m never going back there."

 

I "have lost some faith [in VeChain] because they are partnered with these thieves."

Reddit user wassim0 reported that their account at OceanEx had been breached and all funds taken. They claimed that $30k worth of funds were in the account. It appears possible that the breach originated from password reuse for their email account or the installation of malware on their PC. The thief reportedly locked them out of their account by changing the password, and got by the two-factor authentication system OceanEx had in place.

 

OceanEx was able to provide them with limited details such as where the funds were withdrawn and the IP address of the login (which showed as Florida). They have not shared any details that could be used to trace the funds such as the wallet address where funds were withdrawn. It is presumed that no funds have been recovered.

HOW COULD THIS HAVE BEEN PREVENTED?

It is absolutely critical that passwords used on primary email accounts be unique and of sufficient entropy that someone else wouldn't be able to guess them. It is best to set up two-factor authentication with a physically separate device, and not rely on any second factor on the same PC. 2FA should be backed up offline and not stored on the same hard drive or a breachable email account. Following the situation, wassim0 should have notified the community as to the wallet address where funds were withdrawn and got assistance in tracing the funds to any exchange platforms so they could be frozen and potentially returned.

 

OceanEx should have done more to assist wassim0 during the account setup process to better secure the account. OceanEx should have been able to detect this situation given the susicious nature of the login being from a different location (Florida), requesting a password change, and attempting to withdraw all funds in the account to a new wallet address. They should have assisted wassim0 in filing the proper reports with law enforcement and notifying exchanges expediently.

 

Check Our Framework For Safe Secure Exchange Platforms

If you want to join me in watching metamask account get robbed by some asshole look below : CryptoCurrency (Jul 3)
If you want to join me in watching metamask account get robbed by some asshole look below : CryptoCurrency (Sep 15)
wassim0 comments on vTHOR don't give up on meeee :P "timing" (Sep 30)
wassim0 comments on I think this is gonna be the end of the journey for me. (Sep 30)
wassim0 comments on Daily VeChain Discussion - July 03, 2021 (Sep 30)
wassim0 comments on Daily Discussion - April 18, 2021 (GMT+0) (Sep 30)
wassim0 comments on Daily VeChain Discussion - March 13, 2021 (Sep 30)
wassim0 comments on Daily VeChain Discussion - February 19, 2021 (Sep 30)
wassim0 comments on Not your keys, not your coins (Oct 1)
wassim0 comments on Be Wary of OceanEx (Oct 1)
wassim0 comments on Be wary of OceanEx (Oct 1)
wassim0 comments on Perth Jobs Fair – November 25, 2019 (Oct 1)
wassim0 comments on Crypto Cup Alpha OCE rewards are out! (Oct 1)
wassim0 comments on Daily VeChain Discussion - May 09, 2018 (Oct 1)
wassim0 comments on Daily VeChain Discussion - January 26, 2018 (Oct 1)
GSEDAN comments on Be Wary of OceanEx (Oct 1)
K___G comments on Be Wary of OceanEx (Oct 1)
Be Wary of OceanEx : OceanEx (Oct 1)
Be wary of OceanEx : CryptoCurrency (Oct 1)
Be wary of OceanEx : Vechain (Oct 1)
[For Hire] Resource Engineer/Private Pilot/Fluent in English and Arabic : forhire (Oct 1)
Looking for guidance in a work/health situation in Canada. : legaladvice (Oct 1)
26/M Resource Engineer and Private Pilot looking to relocate anywhere warmer than Canada! : IWantOutJobs (Oct 1)
What is going on with peercoin? : peercoin (Oct 1)
https://twitter.com/OceanexOfficial (Oct 1)
https://oceanex.pro/en (Oct 1)

Sources And Further Reading

 For questions or enquiries, email info@quadrigainitiative.com.

Get Social

  • email
  • reddit
  • telegram
  • Twitter

© 2021 Quadriga Initiative. Your use of this site/service accepts the Terms of Use and Privacy Policy. This site is not associated with Ernst & Young, Miller Thompson, or the Official Committee of Affected Users. Hosted in Canada by HosterBox.