Stolen Altcoins Trailed in Augur & Ethereum Hack Investigation

The hack of a whale’s wallet hits ETH and Augur’s REP: funds on both networks belonging to the investor Bo Shen were drained.
An account belonging to Bo Shen, one of the early investors in Ethereum and Augur, was reportedly hacked on Tuesday, and funds on both networks were drained.

The hacked wallet was a top-20 wallet by size in Augur and held a significant percentage of the total token supply. It was big enough to fill practically all the orders on the buy side of the Poloniex order book.

The Poloniex Augur market bottomed out at 0.0001 BTC per REP, against an average price of 0.0035 in the previous period.

Poloniex Augur market

Poloniex tweeted that they have been investigating the Augur matter but have been limited in what they could find because the trades in question were executed via an instant exchange service.

Following Shen’s money

Shen has been a strong supporter of Blockchain technology and is one of the organizers of Shanghai’s Global Blockchain Summit. He is a co-founder of the Chinese VC firm Fenbushi, the first China-based venture capital firm that invests exclusively in Blockchain-enabled companies.

The hacking of Shen’s account has been suggested to be a hijack by social engineers, the kind of hackers who rely heavily on human interaction and trick people into breaking normal security procedures. Kraken reports that there have been more cases of cryptocurrency scene actors being victimized by mobile phone hijacking.

As Augur co-founder Jack Peterson noted earlier, Shen’s REP and ETH were reportedly dumped on the Poloniex exchange that day, causing the price of ETH to fall as low as $5.98, while the dollar value of Augur's digital asset Reputation (REP) dropped to $2.09. Both have since recovered, according to CoinMarketCap.

Huge transaction discovered

Cointelegraph analyzed the contents of the blocks around the time the money was stolen from Bo Shen’s account and tried to track the transaction. During that period there was only one such transaction:

Transaction

https://etherscan.io/tx/0x5fb679e22336a634609fd4208df05e9e212f3d54d8ce73ff5ff40af75bbba937

The amount shown there is 110,000.1446470998 REP. This is one of the biggest transactions since the ICO; the Augur network averages 20 transactions per hour.

The account belongs to one of the original investors: this is evidenced by the fact that the money had been there since the time of the ICO.

The account received its first funds from the Token Holder Address 0x0000000000000000000000000000000000000000, 119,000 REP in total. It is without any doubt that this is the culprit. It is also possible to see that a transaction of 110,000 REP was carried out not long ago, supposedly to the hacker’s account.

Let’s start tracking now.

Here's the hacker’s wallet: https://etherscan.io/token/REP?a=0xb08241488b1b3a4eafdb125c218cec7d086cfaa7

Out of that wallet, the funds were transferred in smaller amounts to various addresses.

The second-line wallets held REP for no more than an hour. The tokens were then transferred to some high-turnover wallets.

A tweet from Poloniex claims that the money was exchanged on an instant digital asset exchange.

It is possible that the high-turnover wallets mentioned above belong to such exchanges. Let us see which ones.

We created transactions and topped up addresses on Shapeshift, Changelly as well as a couple of other exchanges.

Funds make several moves and gotcha!

Now we know where the money disappeared:

0xeff756b86e8033348944896f45c761b72a2c4f6d - is for Changelly

0xb2d955733e6a470533f68f72d0af442070f24f55 - is for Shapeshift
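
The tracing procedure described above, written out as an added example (it is not Cointelegraph's tooling): follow outgoing token transfers hop by hop from the hacker's wallet and stop at addresses already attributed to a service. The three real addresses are the ones quoted in the article; the 0xVICTIM, 0xHOP_* and other placeholder names, the timestamps and the amounts are constructed sample data.

```python
from collections import deque

# Addresses quoted in the article.
HACKER = "0xb08241488b1b3a4eafdb125c218cec7d086cfaa7"
CHANGELLY = "0xeff756b86e8033348944896f45c761b72a2c4f6d"
SHAPESHIFT = "0xb2d955733e6a470533f68f72d0af442070f24f55"
LABELS = {CHANGELLY: "Changelly", SHAPESHIFT: "ShapeShift"}

# Constructed sample data: (unix_time, sender, recipient, REP amount).
# The 0xVICTIM/0xHOP_* names, timestamps and amounts are placeholders.
TRANSFERS = [
    (1000, "0xVICTIM", HACKER, 110000),
    (1600, HACKER, "0xHOP_A", 40000),
    (1700, HACKER, "0xHOP_B", 70000),
    (3000, "0xHOP_A", CHANGELLY, 40000),
    (4000, "0xHOP_B", SHAPESHIFT, 50000),
    (4100, "0xHOP_B", "0xHOP_C", 20000),
    (500, "0xHOP_C", "0xOLD", 5),               # predates arrival: ignored
    (9000, CHANGELLY, "0xSERVICE_HOT", 40000),  # past a labelled sink: not followed
]


def trace(transfers, start, labels, max_hops=4):
    """Walk outgoing transfers breadth-first from `start`.

    Only transfers made after the tokens arrived at the sender are followed.
    The walk stops at labelled addresses. Returns (sinks, unresolved):
    amount per service label, and amount left at unlabelled end addresses.
    """
    outgoing = {}
    for ts, src, dst, amt in sorted(transfers):
        outgoing.setdefault(src, []).append((ts, dst, amt))
    sinks, unresolved, seen = {}, {}, set()
    queue = deque([(start, 0, 0)])  # (address, arrival time, hops so far)
    while queue:
        addr, arrived, hops = queue.popleft()
        for ts, dst, amt in outgoing.get(addr, []):
            edge = (addr, ts, dst, amt)
            if ts < arrived or edge in seen:
                continue
            seen.add(edge)
            moves_on = any(t >= ts for t, _, _ in outgoing.get(dst, []))
            if dst in labels:
                sinks[labels[dst]] = sinks.get(labels[dst], 0) + amt
            elif hops + 1 >= max_hops or not moves_on:
                unresolved[dst] = unresolved.get(dst, 0) + amt
            else:
                queue.append((dst, ts, hops + 1))
    return sinks, unresolved


SINKS, UNRESOLVED = trace(TRANSFERS, HACKER, LABELS)
```

On the sample data the walk attributes 40,000 REP to Changelly and 50,000 REP to ShapeShift and leaves 20,000 REP sitting at an unlabelled address, which is the remainder an investigator would keep watching.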

Markets were flooded with REP liquidity in a couple of hours as currency exchangers started hedging their positions.

 

Supposed token flow

Suspicious activity

Changelly has confirmed to Cointelegraph that there has been suspicious activity related to Augur. A user was able to exchange a part of the stolen money before Changelly noticed that something was wrong. The exchange then blocked the remaining funds to ascertain the circumstances.

Konstantin Gladych, Changelly’s CEO, says:

“We have also contacted Jack Peterson regarding the hack and Poloniex, our partner. Now we are carrying out the investigation in cooperation with other exchanges.

We don’t have any limits to the amount being exchanged, but the sum of REP was too large and looked suspicious. A part of it was exchanged automatically but the rest of it has been blocked and will be returned to the rightful owner, as the circumstances clarify.

In case of legal proceedings, we are ready to cooperate with the investigators.”

Erik Voorhees, CEO at ShapeShift, comments:

"Our policy is to publish every transaction that goes through the platform, so that funds cannot be obscured. As public observers have noted, it appears some of the stolen funds were traded at ShapeShift, along with other exchanges. Since we don't hold any customer funds, we cannot freeze accounts, however we blacklist addresses (and derivative addresses) which we believe are involved in thefts or fraud."

Portion of stolen funds liquidated

In an email to Cointelegraph, Augur’s Tom Kysar maintains that the issue, which has been contained, is more about Shen.

He says:

“Bo Shen was an early supporter and REP sale purchaser, but not a part of the Augur team. The situation is now under control.”

He adds: “Considering this revolves around Bo's personal holdings, we're not directly involved in this at the moment - however, we're receiving updates and staying in contact. It’s appropriate to say that the hacker has taken credit for liquidating a portion of the stolen funds. The price of REP started at around $2.60, neared $1.96, and then was back around $3.00+ all within the early hours of that morning during the liquidation.”

Update from Augur co-founder Jack Peterson: part of the stolen REP was saved and returned to the owner.

Circuit breakers may have prevented losses

This case, in which one percent of the whole coin supply was stolen from one of the most advanced people in the crypto community, can teach us a lot.

Anyone can get hacked. It doesn’t matter if you’re an average Joe or a Blockchain professional. But how should we protect ourselves from these attacks? Who will bring out the killer solution to secure cryptocurrency funds? Will that be hardware wallets or is a new solution yet to come? The pain is here, the market is ready. Entrepreneurs, it’s your turn.

How well are the ICO and Blockchain startup investors protected from “crypto whales?” Traditional large stock markets have introduced trading curbs or “circuit breakers” to prevent crashes similar to this one. Maybe cryptocurrency exchanges should implement trading freezing mechanisms similar to those of NASDAQ or NYSE.
