Something is out of the bag at Cryptsy

On January 14th, Cryptsy made a blog post explaining it’s present situation and problems with the exchange. The posts states they finally want to let everyone know what these problems stem from. They were not because of any recent phishing attacks, or even a DDoS attack, nor does it have anything to do personal issues.

The post explains that a person claiming to want to resurrect an un-maintained coin, Lucky7Coin (L7C), contacted them over a year ago. The person, who does not appear to be the original developer, explained to Cryptsy that there was a change he made to Luck7Coin’s IRC code and claimed that it would help community members of the coin synchronize faster. Cryptsy was promised it contained no errors that would cause a fork of the coin. Apparently it contained something much worse than errors. Allegedly Cryptsy’s staff unknowingly installed a IRC backdoor when they upgraded to this new wallet code. In a similar fashion of a trojan, this malicious code allowed for the compromise of Cryptsy to the tune of 13,000 BTC and 300,000 LTC with the internal information it collected several months leading up to the actual thievery.

At this point, Cryptsy wanted to avoid shutting down the website as result of this compromise and subsequent disappearance of  about 7 million dollars worth of customer crypto assets. They began pulling their  profits in an attempt to fill these wallets back up, the post further states, and avoid complete shutdown. They also were pulling from it’s own reserves. This strategy of covering up the compromise did work until Cryptsy’s profits could not keep up with what might be a cover up of Cryptsy’s poor judgment to trust this person’s promise of “I’m responsible”.

When an article about Coinfire came out that contained many false accusations things began to crumble and a bank-run began. Cryptsy could not  keep up with founding the covered-up compromise. The good only promising thing is the stolen funds have not moved since they were taken which makes recovery, in the hopes of Cryptsy and it’s users, more probable or possible. Cryptsy has asked for the return of the stolen funds in the blog post and promising “no questions asked” if they are returned. A bounty of 1000 BTC has also been promised to anyone that can help locate the stolen funds.

In conclusion of the blog post, Cryptsy states it’s options as: “1. We shut down the website and file bankruptcy, letting users file claims via the bankruptcy process and letting the court make the disbursements. – OR – 2. Somebody else comes in to purchase and run Cryptsy while also making good on requested withdrawals. -OR- 3. If somehow we are able to re-acquire the stolen funds, then we allow all withdrawal requests to process.”

Surly the return of these funds would be great for Cryptsy, it’s users, and the industry. As more and more of these scandals emerge, public acceptance seems less and less of a possibility as the cloud of distrust grows darker and darker.  A colleague of mine here at NewsBTC USA just informed me: “They shut down the chat box just a little while ago … dying off to the rage of many with nothing but a gutless whisper!

Cryptsy’s original blog post can be read here: http://blog.cryptsy.com/


Subscribe to our newsletter

Troubling times and riled up masses are at cryptocurrency exchange, Cryptsy.com. The angry customers are circling, and it only takes a moment to see why! As of 9 pm MST on 1/12/2016, according to JShock (Cryptsy Admin) all withdrawals have been frozen. This was followed up with a series of notices by NerdLifeLabs (Crptsy moderator) that all withdrawals are paused for security reasons, and possible theft of both hot and cold storage of cryptocurrencies. At approximately 9:05 pm MST JShock stated in the chat box:

“NOTICE, UNTIL WE ARE ABLE TO DETERMINE EXTEND OF ATTACK, ALL WITHDRAWALS AND MARKETS ARE PAUSED”

Cryptsy hack
Cryptsy alleges security breach and freezes withdrawals and trading

Cryptsy alert

Following the announcement in the chat box, this notice has been posted recommending that all passwords, and 2FA are changed immediately. There has been notice that some users have been receiving an email and text (SMS) messages stating they should click on the link provided (https://cryptsy-refund.com/) to change their user information, which has been deemed a fraud and an attempt to steal user data.

Cryptsy has been having its share of problems lately, and this ‘alleged’ attack is only the next of a series of unfortunate events. There has been problems with receiving withdrawals of most of the coins and when questions concerning the delays, the following email has been the standard response.

One thing is for certain, there is a lot of fear and frustration concerning the future of Cryptsy and the cryptocoins of thousands of their customers. The chat box is filled with fear, anger and uncertainty.