QUADRIGA INITIATIVE
CRYPTO WATCHDOG & FRAUD RECOVERY PLATFORM
A COMMUNITY-BASED, NOT-FOR-PROFIT
$500 000 USD
NOVEMBER 2019
VIETNAM
VINDAX
DESCRIPTION OF EVENTS
"The Most Optimized-Trading-Fee Crypto Exchange in the World. Everyday, we fight to change, thrive and optimize the transaction fee for users." "Vindax is a cryptoasset exchange located in Vietnam." "VinDAX which is an abbreviation standing for Vin Digital Asset Exchange platform, is a Vietnam-based centralized cryptocurrency platform that offers an extensive assortment of digital assets." "VinDAX is founded as a Vin Digital Asset Exchange platform that will connect cryptocurrencies and blockchain assets with wider audience using a beautifully designed user interface and intuitive trading technology." "Since Mar 2019, VinDAX Exchange has been live for cryptocurrency trading for global users The exchange focus on providing exchange services for digital cryptocurrency transactions with high security level, excellent efficiency and well-optimized trading fee."
"Everyday, VinDAX takes their best efforts to change, thrive and optimize all exchange functions for users, serving more than 1.5 million users from almost countries and regions. This is the place where multi devices are supported: Desktop (Window, Mac), IOS, Android." "We are working to enable novice to learn about our platform while they're exchange utilizing key specialized pointers, big data, analytics, community strategies, fundamental analysis and automated trading bots. In the fragmented exchange space, this innovative approach is rarely found. What's more, clients will have the capacity to enjoy premium features and get discounts on different fees by using the VD coin."
"They also introduce VD, a functional coin designed to facilitate simple, successful trades using user-friendly tools." "VinDAX can serve new investors with simple and understandable risk management and profit taking strategies while still provide features advanced enough for institutional investors." "The VinDAX platform is build with essential trading data and analytics, friendly trading bot functionality, integrated trade signaling for entries and exits and much more. We develop these advanced features to empower our exchangers to gain profit and knowledge as they go with us and never miss any opportunities that they might have to optimize the benefit that VinDAX bring to them."
"VinDAX is a company primarily providing the trading of stocks. In recent years, they also ventured into the world of crypto-assets." "VinDAX had over 390,000 visitors [in October 2019] and the majority (over 65%) of them were from India, according to web analytics firm SimilarWeb." “VinDAX is primarily engaged in conducting token sales of little-known projects via its Launchpad platform. There is currently a token sale going on the platform for blockchain project MyFie, while there are at least 5 more token sales scheduled on the platform.” "The majority of trading pairs on the platform are all small tokens with a nearly non-existent market cap."
"On November 5, 2019, Vietnam-based cryptocurrency exchange VinDAX was hacked, losing half a million U.S. dollars’ worth of funds spread across 23 different cryptocurrencies." “VinDAX, a Vietnam-based crypto exchange, became the target of a sophisticated hacking attack that saw it loses $500,000 (and perhaps more) in digital assets, the company acknowledged on its Telegram group. The attacker(s) stole 23 digital assets, most of which belonged to the customers and investors of VinDAX.” "It is believed that nearly two dozen digital assets were affected during this security incident. That in itself is worrisome, primarily because the company hasn’t disclosed which those assets are." "Given how low the market cap of some of those assets might be, it seems unlikely that [the] figure [of $500,000] is 100% accurate."
"VinDAX is under a maintenance for Withdrawal and Deposit function only. This is an unplanned maintenance for security checking. When the maintenance is finished, we will inform you all!. Other activities on VinDAX is still running as usual. Sorry for this inconvenience."
"Deposit and withdrawal function is working normally at the moment. However, there are some remaining tokens/coins still in checking so their withdrawal function is temporarily disabled. If you get any issue related to Withdrawal and Deposit, please kindly contact us directly."
"An admin of VinDAX’s official Telegram channel, with the handle “@VinDAXSupport” confirmed to The Block on Friday[, November 8th, 2019] that it is “true” that the exchange got hacked and lost cryptocurrencies worth the amount. They said the breach took place “3 days ago.”"
"One source familiar with the matter told The Block that VinDAX has lost the funds via 23 cryptocurrencies. The admin declined to share further information but said: 'We have made a full recovery from this attack,' without providing details."
"The Block has further learned that VinDAX has been sending emails to projects of hacked tokens, asking for funds."
"Please lend us an amount of your token/coin equal to 30%-100% the amount that was stolen in the last accident so that we can address the withdrawal request of the users that are related to your token/coin,” one of the emails reportedly read.
VinDAX is a large exchange platform in Vietnam, serving mostly Asian customers with the largest contingent at the time in India. Their specialization was small-cap cryptocurrencies. On November 4th, 2019 (based on their Twitter post), it appears they noticed that a large number of coins (roughly $500,000 USD worth) had been withdrawn from their platform without authorization. It is yet unreported exactly which coins were taken. However, since the coins were all small-cap cryptocurrencies, they were able to contact the projects involved and ultimately full recovered the lost value.
HOW COULD THIS HAVE BEEN PREVENTED?
The primary vulnerability was due to funds being stored in insecure hot wallets, which were able to be breached to request the withdrawals. All customer funds should be stored in cold storage wallets, and protected by multi-signature setups, such that they can't be released without multiple human signatures.
Little-known Asian crypto exchange VinDAX got hacked; lost ‘half a million USD’ worth of tokens - The Block (Feb 23)
VinDAX Is the Seventh Cryptocurrency Exchange Hacked This Year: What Should Investors Be Considering? - Lexology (Feb 23)
Most Significant Hacks of 2019 — New Record of Twelve in One Year (Feb 23)
Vietnam-Based Crypto Exchange VinDAX Loses at Least $500K to Hack - AllStocks Network (Feb 23)
VinDAX Is the Seventh Cryptocurrency Exchange Hacked This Year: What Should Investors Be Considering? | Compliance and Enforcement (Feb 23)
Vietnam Crypto Exchange VinDAX Hacked, Losing $500,000 in Cryptocurrencies (Mar 25)
VinDAX Is the Seventh Cryptocurrency Exchange Hacked This Year: What Should Investors Be Considering? | Paul, Weiss (Mar 25)
Vietnamese Crypto Exchange VinDAX has Been Hacked » NullTX (Mar 25)
SlowMist Hacked - SlowMist Zone (Jun 26)
The 23 exchange hacks of 2019 (Aug 8)
https://web.archive.org/web/20190611202300/https://vindax.com/ (Dec 30)
The Block: VinDAX got hacked; lost ‘half a million USD’ worth of tokens (Dec 30)
https://www.linkedin.com/company/vindax (Dec 30)
@VinDAXOfficial Twitter (Dec 30)
@VinDAXOfficial Twitter (Dec 30)
https://coinmarketcap.com/exchanges/vindax/ (Dec 30)
A Comprehensive List of Cryptocurrency Exchange Hacks - SelfKey (Dec 12)
