- Hackers have already withdrawn 1.3 million of the stolen tokens.
- The Swiss cryptocurrency exchange is still investigating the cause of the breach.
Switzerland-based cryptocurrency exchange Trade.io suffered a breach that resulted in hackers stealing around 50 million TIO (Trade.io tokens) from one of its wallets that was held in cold storage. Trade.io acknowledged the security breach on Sunday, and as per Monday’s cryptocurrency trading price, the stolen funds are worth around $7.5 million.
According to Trade.io, the cold storage wallet was stored in safety deposit boxes in banks. Cold storage wallets are usually custom USB-based devices that provide access to an account holding cryptocurrency funds. These devices are generally password protected to ensure the security of the stored funds.
Although the theft involved the cold storage wallets, Trade.io CEO Jim Preissler confirmed that the safety deposit boxes that contained the cold storage wallets were not compromised.
The cryptocurrency exchange discovered the breach after it observed a large amount of cryptocurrencies being transferred from one of the accounts associated with its cold storage wallets. Once this activity was detected, Trade.io’s security squad alerted the recipient (Bancor and Kucoin), requesting the client to pause the transfer.
However, by then, around 50 million TIO had already been accessed by an authorized user.
How it happened
"While the investigation is ongoing, based on Etherscan records, we can confirm that the 50M TIO allocated for the Liquidity Pool being held in cold storage has been withdrawn, and an estimated 1.3M of that had been transferred to both Bancor & Kucoin respectively,” Preissler said, ZDNet reported.
Meanwhile, it is still unknown as to how the hack has occurred. All three exchanges have disabled TIO deposits, withdrawals and trading for the time being.
The stolen funds were reportedly held as a backup by Trade.io. The company had planned to funnel the stored funds into its liquidity pool if trading activity peaked at any point in time. Therefore, the funds belonged to the company and not to any users registered to Trade.io.
Trade.io is considering a fork of the TIO token codebase to invalidate the stolen funds, and “protect the value of TIO for everyone else”, according to Preissler. The theft did not reportedly impact the day-to-day trading activities of the platform, which will continue to operate as normal.
"It's obvious that trade.io is now a major focal point of competitors and those attempting to destroy the movement that is on the ground floor, and we guarantee you we will not bow down to their actions," Preissler said.