Crypto One-Stop Solution, or COSS, is a relatively small exchange registered in Singapore that offers fiat-to-crypto and crypto-to-crypto trading pairs. Yesterday, a user reported on Reddit that his account had been hacked and his funds stolen. The user, who goes by the nickname blockchainified, said the balance in his account had been 11 700 000 COSS coins (the exchange's native token), 14 Bitcoins and 22 Ethers. He stated that he had lost coins worth roughly $880,000 USD. His assets were sold on the market without his knowledge.
I had 2FA, I haven’t checked my account for a couple of months. Yesterday, while I was sleeping, somebody hacked my account and sold all my assets. I had 11 000 000 COSS tokens! Somebody just dumped it on the market,
the distressed trader writes.
As he later explained in additional posts, he also had 19 000 EOS tokens, which stayed untouched thanks to the shutdown of the node. The COSS tokens, however, were not spared and went missing.
The main assumption was that a brute-force attack had occurred. A brute-force attack tries candidate passwords repeatedly until the correct one is found. But blockchainified does not know how this would be possible, since his password was 16 characters long, with letters, numbers and special characters.
The story has a happy ending, though. The trader contacted the compliance center immediately, and the CEO of the exchange, Rune Evensen, contacted him personally. Blockchainified asked for recovery of at least 50% of his assets but received 11 million COSS coins back.
COSS took urgent measures and shut the platform down for 24 hours. It seems the incident was a combination of DDoS and brute-force attacks, which affected other users, too. For the moment, it is not clear how many victims there are. COSS posted an announcement stating:
[…] user’s password was compromised outside of COSS; at no time was any user password breached on our systems.
The exchange is looking for the hacker and warns that if he returns the 9.8 million COSS tokens, the case will not be pursued.