8 Million Vericoins Stolen in a MintPal Exchange Attack
Cryptocurrency exchange MintPal has been attacked by a hacker and lost millions of vericoins from its hot wallet.
Vulnerability of site’s withdrawal system was exploited on the 13th of July. According to MintPal’s announcement, the hacker was able to bypass internal security measures and withdraw the contents of the vericoin wallet.
Bitcoin and litecoin wallets were targeted by the attack as well. However, cold storage procedures implemented on these wallets prevented any incident happening,thus user balances were not affected.
The outcome of the attack is encouraging for changes in the usage of hot wallets as there have been issues that major Bitcoin exchanges were facing this year connected with hot wallets.
MintPal is digital currency exchange registered in the UK that trades bitcoin, litecoin and popular altcoins such as vericoin and darkcoin.
Roughly 8 million vericoins were lost during the breach, that is almost 30% of the total amount of coins that exist.
Considering the magnitude of damage dealt, vericoin’s development team hard forked the coin’s blockchain to counter the theft. This was done to prevent the loss of approximately $2m in investor funds.
New wallets are now available for download after the fork has been completed.
The attacker utilized a SQL injection to initialize the wallet withdrawal. MintPal noted that only vericoin wallet was affected during the attack which included the database of customer information.
Failure to secure customers coins in cold storage led to the vulnerability, the company said. A huge amount of coins were left in the hot wallet due to an error in vericoin cold storage setup.
MintPal added stricter cold storage protocols after the attack, also, withdrawals are now cleared manually till the system is proofed for any other vulnerabilities.