Stolen Altcoins Trailed in Augur & Ethereum Hack Investigation
The hack of a whale’s wallet has hit ETH and Augur’s REP, with funds on both networks belonging to the investor Bo Shen drained.
The hacked wallet was a top 20 wallet by size in Augur and held a significant percentage of the total token supply. It was big enough to fill practically all the orders on the buy side of the Poloniex order book.
The Poloniex Augur market bottomed out at 0.0001 BTC for one REP, against an average price of 0.0035 in the previous period.
Poloniex tweeted that they have been investigating the Augur matter but have been limited in what they could find because the trades in question were executed via an instant exchange service.
Following Shen’s money
Shen has been a strong supporter of Blockchain technology and one of the organizers of Shanghai’s Global Blockchain Summit. He is a co-founder of Chinese VC firm Fenbushi, the first China-based venture capital firm that exclusively invests in Blockchain-enabled companies.
The hacking of Shen’s account has been suggested to be a hijack by social engineers, the kind of hackers who rely heavily on human interaction and trick people into breaking normal security procedures. Kraken reports that there have been more cases of people in the cryptocurrency scene being victimized by mobile phone hijacking.
As noted earlier by Augur co-founder Jack Peterson, Shen’s REP and ETH were reportedly dumped on the Poloniex exchange that day, causing the price of ETH to tank to as low as $5.98, while the dollar value of Augur's digital asset Reputation (REP) dropped to $2.09. Both have since recovered, according to CoinMarketCap.
Huge transaction discovered
Cointelegraph has analyzed the contents of the blocks around the time when the money was stolen from Bo Shen’s account and tried to track the transaction. During that period there was only one such transaction:
It can be seen here: 110,000.1446470998 REP. This is one of the biggest transactions since the ICO; the Augur network has an average of 20 transactions per hour.
The account belongs to one of the original investors, as evidenced by the fact that the money had been there since the time of the ICO.
The first funds were received from Token Holder Address: 0x0000000000000000000000000000000000000000, 119,000 REP in total. It is without any doubt that this is the culprit. It is also possible to see that not so long ago a transaction of 110,000 REP had been carried out - supposedly to the hacker’s account.
Let’s start tracking now.
Here's the hacker’s wallet: https://etherscan.io/token/REP?a=0xb08241488b1b3a4eafdb125c218cec7d086cfaa7
Out of that wallet, the funds were transferred in smaller amounts to various addresses.
The second-line wallets held REP for no more than an hour. The funds were subsequently transferred to some high-turnover wallets.
A tweet from Poloniex says that the money was exchanged through an instant digital asset exchange.
We've been investigating the Augur matter. The trades in question were executed via an instant exchanger service, limiting what we can find. — Poloniex Exchange (@Poloniex) December 6, 2016
It is possible that the high turnover wallets mentioned above involve these exchanges. Let us see who that may be.
Funds make several moves and gotcha!
Now we know where the money disappeared:
0xeff756b86e8033348944896f45c761b72a2c4f6d - is for Changelly
0xb2d955733e6a470533f68f72d0af442070f24f55 - is for Shapeshift
Markets were flooded with REP liquidity in a couple of hours as currency exchangers started hedging their positions.
[Figure: Supposed token flow]
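The hop-by-hop tracing walked through above can be automated over token transfer events. The following Python code is an added example, not part of the original article or any exchange's tooling; it follows funds out of the hacker's wallet, measures how long each second-line wallet held them, and stops at high-turnover addresses. The second-line addresses, timestamps, amounts and the turnover threshold are constructed assumptions.

```python
from collections import defaultdict, deque

# Constructed REP Transfer events: (unix_time, sender, recipient, whole REP).
# HACKER, CHANGELLY and SHAPESHIFT are the addresses named in the article; every
# other address, all timestamps and the 60,000/50,000 split are made up.
HACKER = "0xb08241488b1b3a4eafdb125c218cec7d086cfaa7"
CHANGELLY = "0xeff756b86e8033348944896f45c761b72a2c4f6d"
SHAPESHIFT = "0xb2d955733e6a470533f68f72d0af442070f24f55"
HOP_A, HOP_B = "0xSECOND_LINE_A", "0xSECOND_LINE_B"
TRANSFERS = [
    (1600, HACKER, HOP_A, 60000), (1700, HACKER, HOP_B, 50000),
    (3400, HOP_A, CHANGELLY, 60000), (4000, HOP_B, SHAPESHIFT, 50000),
    # unrelated customer traffic that makes the two services "high turnover"
    (4100, "0xOTHER_1", CHANGELLY, 12), (4200, "0xOTHER_2", CHANGELLY, 7),
    (4300, CHANGELLY, "0xOTHER_3", 900), (4400, "0xOTHER_4", SHAPESHIFT, 3),
    (4500, SHAPESHIFT, "0xOTHER_5", 40), (4600, "0xOTHER_6", SHAPESHIFT, 9),
]

def trace(transfers, source, turnover_threshold=4, max_dwell=3600):
    """Follow funds leaving `source`; stop at high-turnover (service-like) addresses.

    Naive taint: every transfer an address sends after tainted funds arrive is
    treated as tainted. The threshold is an assumption sized for this tiny sample.
    """
    counterparties = defaultdict(set)
    outgoing = defaultdict(list)
    for ts, src, dst, amt in transfers:
        counterparties[src].add(dst)
        counterparties[dst].add(src)
        outgoing[src].append((ts, dst, amt))
    arrived = {source: 0}       # address -> time tainted funds first arrived
    sinks = defaultdict(int)    # high-turnover address -> tainted REP received
    dwell = {}                  # intermediary -> seconds before first forward
    queue = deque([source])
    while queue:
        addr = queue.popleft()
        for ts, dst, amt in sorted(outgoing[addr]):
            if ts < arrived[addr]:
                continue        # sent before the tainted funds arrived
            if addr != source:
                dwell.setdefault(addr, ts - arrived[addr])
            if len(counterparties[dst]) >= turnover_threshold:
                sinks[dst] += amt   # likely an exchange or service: stop here
            elif dst not in arrived:
                arrived[dst] = ts
                queue.append(dst)
    quick = {a: d for a, d in dwell.items() if d <= max_dwell}
    return dict(sinks), quick
```

Calling `trace(TRANSFERS, HACKER)` on the constructed data returns the two service addresses as sinks and both second-line wallets as pass-throughs that forwarded within an hour.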
Changelly has confirmed to Cointelegraph that there has been suspicious activity related to Augur. A user was able to exchange a part of the stolen money before Changelly noticed that something was wrong. The exchange then blocked the remaining funds to ascertain the circumstances.
Konstantin Gladych, Changelly’s CEO, says:
“We have also contacted Jack Peterson regarding the hack and Poloniex, our partner. Now we are carrying out the investigation in cooperation with other exchanges.
We don’t have any limits to the amount being exchanged, but the sum of REP was too large and looked suspicious. A part of it was exchanged automatically but the rest of it has been blocked and will be returned to the rightful owner, as the circumstances clarify.
In case of legal proceedings, we are ready to cooperate with the investigators.”
Erik Voorhees, CEO at ShapeShift comments:
"Our policy is to publish every transaction that goes through the platform, so that funds cannot be obscured. As public observers have noted, it appears some of the stolen funds were traded at ShapeShift, along with other exchanges. Since we don't hold any customer funds, we cannot freeze accounts, however we blacklist addresses (and derivative addresses) which we believe are involved in thefts or fraud."
Portion of stolen funds liquidated
In an email to Cointelegraph, Augur’s Tom Kysar maintains that the issue, which has been contained, is more about Shen.
“Bo Shen was an early supporter and REP sale purchaser, but not a part of the Augur team. The situation is now under control."
He adds: “Considering this revolves around Bo's personal holdings, we're not directly involved in this at the moment - however, we're receiving updates and staying in contact. It’s appropriate to say that the hacker has taken credit for liquidating a portion of the stolen funds. The price of REP started at around $2.60, neared $1.96, and then was back around $3.00+ all within the early hours of that morning during the liquidation.”
Update: according to Augur co-founder Jack Peterson, part of the stolen REP was saved and returned to the owner: