A hack at a small Canadian crypto exchange left its users holding the bag Sunday, as MapleChange announced it had lost all its assets and would not be able to immediately refund its users.
On Sunday afternoon, the exchange, which has Edmonton, Alberta listed as its location on Twitter, announced that a security breach allowed someone to steal all the assets it held. MapleChange added that it would not be able to refund the cryptocurrency until it investigates what happened.
The hack followed MapleChange’s announcement Saturday on Twitter that it had upgraded its server and launched a version 2.0.0.
Due to a bug, some people have managed to withdraw all the funds from our exchange. We are in the process of a thorough investigation for this. We are extremely sorry that it has to come to end like this. Until the investigation is over, we cannot refund anything.
— MapleChange (@MapleChangeEx) October 28, 2018
It’s unclear how MapleChange’s investigation is going, as the exchange did not return a request for comment, but people online are less than pleased. In response to a tweet at MapleChange asking why the exchange deleted its Discord and Telegraph social media accounts after the hack, the exchange replied that, “Because we have no more funds to pay anyone back, the exchange has to close down unfortunately. This includes all of our social media.”
As of Monday afternoon, the exchange’s website was defunct as well.
Many on Twitter allege that, given the response to the security breach, the hack was an inside job by the exchange. The Twitter hordes immediately doxxed a man believed to be behind MapleChange, named Glad Poenaru. Peonaru’s LinkedIn and Twitter have been deactivated, but in a cache’d preview of his LinkedIn on Google, he identified himself as the CEO of MapleChange, Inc.
It is unknown how much in cryptocurrency was stolen from MapleChange users, but the exchange was by all accounts very small.
Hacks, the modern day version of bank robberies, are quite common on crypto exchanges, particularly those overseas, where regulation is more lax than it is in the U.S. According to CoinDesk, more than $500 million has been stolen from Japanese crypto exchanges so far in 2018 through hacks.
“Centralized exchanges must custody cryptoassets on behalf of users,” explained Jake Brukhman, the founder of crypto investment fund CoinFund. “If the exchange doesn’t follow good security practices, then these funds are vulnerable to hacks. Usually, hackers will gain access to the exchange’s secret keys and use them to withdraw funds. Most blockchains are immutable, so it’s hard or impossible to freeze those funds.”
Users are drawn to smaller, international exchanges in part because of the relative lack of regulation, Brukhman explained. In these less regulated jurisdictions, hundreds of tiny cryptocurrencies, often called altcoins, may be traded freely, without the exchanges having to treat them as securities, as U.S. exchanges must.
MapleChange’s Twitter has not been active for several hours as of Monday afternoon, and it has stopped responding to upset users and others.