$500 000 USD

NOVEMBER 2019

VIETNAM

VINDAX

DESCRIPTION OF EVENTS

“VinDAX, a Vietnam-based crypto exchange, became the target of a sophisticated hacking attack that saw it loses $500,000 (and perhaps more) in digital assets, the company acknowledged on its Telegram group. The attacker(s) stole 23 digital assets, most of which belonged to the customers and investors of VinDAX.” “VinDAX is primarily engaged in conducting token sales of little-known projects via its Launchpad platform. There is currently a token sale going on the platform for blockchain project MyFie, while there are at least 5 more token sales scheduled on the platform.” “An administrator confirmed the hack but declined to provide details.” “The admin declined to share further information but said: "We have made a full recovery from this attack," without providing details.” “VinDAX emailed the projects that had been impacted by the theft asking for funds. It’s unclear if any of the projects accepted the offer or not.” "Please lend us an amount of your token/coin equal to 30%-100% the amount that was stolen in the last accident so that we can address the withdrawal request of the users that are related to your token/coin,” one of the emails reportedly read.

ERC20 tokens in general have limited security due to a lack of multi-sig, as such functionality generally has to be built into smart contracts, and smart contracts are often hackable. The exchange dealt mostly with smaller blockchain project tokens, which would have been ERC20 tokens. The advantages with dealing with smaller-scale projects is that the exchange can sometimes request replacement tokens from the project, as appears to be the case here. In that case, the token supply for the project will effectively increase as there are both stolen tokens and replacement tokens. It was most likely due to this that the exchange was able to recover, although the exchange may still be operating with limited reserves given that their email appears to have only asked for 30% replacement in some cases.

Sources And Further Reading

 For questions or enquiries, email info@quadrigainitiative.com.

Get Social

  • email
  • reddit
  • telegram
  • Twitter

© 2021 Quadriga Initiative. Your use of this site/service accepts the Terms of Use and Privacy Policy. This site is not associated with Ernst & Young, Miller Thompson, or the Official Committee of Affected Users. Hosted in Canada by HosterBox.