Canadian Exchange MapleChange Hacked For 8 BTC ($50,000) – Refund In Progress
On October 28th, the small Canadian MapleChange cryptocurrency exchange took to Twitter to announce that their platform suffered a malicious attack and lost their users' funds.
On October 28th, the small Canadian MapleChange cryptocurrency exchange took to Twitter to announce that their platform suffered a malicious attack and lost their users’ funds.
The platform has announced that altcoins will be refunded to customers but that Bitcoin (BTC) and Litecoin (LTC) will not as a result of being insolvent.
The incident took place only a day after the platform went through the maintenance and server upgrade, as only hours after the launch of version 2.0.0, the exchange reported the attack.
A bug in the system
MapleChange Tweeted that, due to a bug, attackers managed to withdraw all the funds from the exchange. “We are in the process of a thorough investigation for this,” they stated, expressed their regret concerning the situation, and declared that, until the investigation is over, the refund cannot take place.
Following the announcement, the exchange started shutting down profiles on social networks, which raised an alarm throughout the community.
The exchange operators later reinstated their social network accounts, explaining that they had shut down social media because the exchange has no funds left for customers’ refunds, they have to close down, which includes all of their social media.
Not an exit scam after all?
Just as everybody raised exit-scam flags, and after some users even threatened the evasive exchange’s officials with legal repercussions, MapleChange tried to cool down the atmosphere by saying that they did not disappear, but simply “turned off accounts temporarily to think this solution through.”
Later in the day, MapleChange returned to Twitter and revealed that, unfortunately, they aren’t able to refund Bitcoin (BTC) or Litecoin (LTC) funds, but there is a possibility that they will manage to refund everything else.
Hacks by themselves, unfortunately, can’t be considered as breaking news in the cryptocurrency business world anymore, but the MapleChange’s unprofessional behavior is unprecedented.
After the attack, firstly, they asked users to provide them with their email, the precise amount of lost funds and a wallet to withdraw them into, while simultaneously opening a Discord channel (which we couldn’t reach) through which their clients can try to resolve their problems.
Then, all of a sudden, MapleChange revealed on Twitter that they are preparing wallets for altcoins listed on the exchange in order to return them to developers.
The main point that the exchange’s team made was that developers are the best solution to find original owners of cryptocurrency assets. Needless to say, users went ballistic!
The fact that MapleChange could not deduce which funds belonged to which user started an avalanche of negative reactions.
One user by the handle of Cryptounicorn responded:
“Stop giving the remaining coins to people who are not the correct owners of the said coins. You should have records of everyone’s balances on your exchange. Coins should be sent back to the person whose funds they were in the first place,”
However, MapleChange ignored the pleas of their community, and the next few hours passed with the exchange regularly posting lesser coins whose wallets they managed to return to their original developers.
According to them, these wallets are:
- UltraNote Coin (XUN)
- Spes (SPES)
- SHIELD (XSH)
- Denarius (DNR)
- B2BX (B2B)
- Weycoin (WAE)
- CryptoFightClub (CFCC)
- Turtlecoin (TRTL)
- TycheCash (TYCH)
- SkullNodes (SKX)
Every new Tweet was followed by a discussion, and some of the users were asking for the involvement of the authorities and the police report, which, by the time of writing, obviously didn’t happen.
Lack of professionalism
Although anyone can make a mistake, it is important to know how to:
- Accept the responsibility
- Inform the public in the clearest way possible
- Unmistakably deduce why the incident happened
- Take steps to reduce the damage
- Refund your customers
Looking at MapleChange’s moves during the last two days, we can conclude that they have failed in every single step. Considering that, and the fact that MapleChange’s last Twitter report took place almost a day ago, we, unfortunately, cannot rule out the possibility that the exit scam really did take place.
The full technical rundown of the hack can be read here.