At about 4:45AM CST, bitcoin person to person exchange XCoins.io, was apparently hacked. Or, was it an inside job?
I woke up early this morning, at 6:30AM, and was welcomed with an automated email from XCoins.io that my 3.00000001 bitcoin withdrawal was successful.
I quickly rushed to my laptop to find that it wasn't a mistake. My bitcoin was indeed gone. The strange thing was that they had left a little over .5 BTC in my account.
Of course, I quickly looked up the transaction on blockchain.info : https://blockchain.info/tx/d97c5b343c3045bcab013915ed0e320c15d3d5a29ce1b75b13a2c75c3c9070b8
What I found, at the time, were 17 similar transactions of varying amounts done within a 25 minute time period. I could only assume, that their site was hacked or that the site operators have decided that now was a good time to call it quits and scram with their pile of what was a little over 47 bitcoins at the time. At the time of this post, the bitcoins are still in the wallet and not spent. A little strange, if you ask me.
I quickly withdrew the rest of my bitcoin, and was reminded by the process of the text verification that must be done in order to withdraw. I have my texts sent to my email, as well, and neither my phone nor my email contained any text verification of the stolen withdrawal.
I contacted XCoins by every method I could find. Still have not received a response in over 6 hours.
However, at about 10:00AMCST, their site https://xcoins.io/ went to the current state:
Right about that time, 7 more transactions showed up through the thief's bitcoin wallet address : https://blockchain.info/address/1PkTAW7ncksmFJwLN1QFjpett88HYyGi4W . Totaling 24 transactions / 51.80000024 btc stolen.
Again, it is strange that the perpetrator has left all the bitcoins unspent in that wallet. It is also strange that the thief waited 4 hours to strike again, and at nearly the same time the site "went down" for maintenance.
I have been searching twitter on an off for any tweets related to this and finally it had a mention. Albeit, not from what I would call a mainstream source. Since I have started this post, 2 more have been added. One is on reddit, and I will be commenting along with a link to this post.
Some of the basic research I have done:
A quick search of the so called founder’s name Sergey Nikitin doesn’t really pull any useful information.
The address on the site for the corporation (Aspect, Inc.) they ‘say’ runs the operation is :
325 Sharon Park Dr., #428
Menlo Park, CA 94025
This is also the corresponding address for the web-site whois : https://whois-search.com/whois/xcoins.io .
Guess what?
That address is simply a UPS Store, in which people use the equivalent of a P.O. Box.
At this point, I am going to give it a little ‘wait and see’ if some concrete news from the “company founder(s)” comes by way of email or otherwise.
Of course, any help that any steemit member can offer, is appreciated.
Side note : I hate that this was my first post on steemit. I signed up awhile ago, commented and voted on a few posts, but never posted. I use it for more of a valuable source of information from a group of people with a similar vision as me.
Hence, I will save my introduction post for a later time.
As for now, I will use this platform to spread the word of my early experience with this ‘hack’. My personal belief is this was some sort of inside job. Interested in your input. Thank you for reading.
If you would like me to update with a new post once I have found out any more information, or have any questions, please upvote and comment.