Crypto Exchange COSS Removes 10% of Its Tokens’ Supply From Hackers’ Wallet

A Reddit user who had a large amount of funds on the COSS cryptocurrency exchange has recently revealed he has been hacked for over $860,000. The incident saw hackers take about 10% of the total supply of COSS tokens from his account, which prompted the contract’s owners to deduct the tokens from the hackers’ wallet.

Per the thread on Reddit, the user ‘blockchainified’ found out that he was hacked on October 14 while he was asleep. Once he turned on his laptop, he saw that the attacker had managed to brute-force his way into the account and steal 14 BTC ($89,500), 22 ETH ($4,400), and 11.7 million COSS tokens ($770,000).

About 19,000 EOS (over $100,000) could’ve also been stolen, although at the time it wasn’t possible to withdraw the cryptocurrency from the exchange. In the thread, the user blames COSS for the incident as at the time it went under maintenance – which the user claimed was an attack.

The user claimed to have been using two-factor authentication (2FA), but that it fell to a brute force attack that saw hackers try to gain access over 25,000 times. The exchange seemingly didn’t lock the account after a few failed attempts.

Various users on COSS’ Telegram channel questioned the user about the incident. They found out the user had previously claimed to have been hacked on leading cryptocurrency exchange Binance. Although the thread itself has been deleted, an archived version of the post is still accessible. At the time, blockchainified admitted his email account had also been hacked.

COSS’ Reaction

The COSS exchange itself has reacted to the incident. In a Medium post it asked the hacker to return nearly 10 million COSS tokens to an ERC address. If he did that, the post stated, COSS would “not pursue this case any further.”

On Telegram, a user suggested the COSS contract’s token holders use a function that lets them remove funds from the hacker’s wallet. Shortly after, Rune Evensen, the founder of COSS, implied the move had been done, telling the community to “check the Etherdelta wallet,” referring to a decentralized cryptocurrency exchange the hacker was presumably planning on using.

Users on Telegram noticed EtherDelta's address has 0 COSS tokens in it

CryptoGlobe reached out to Rune Evensen to learn more about the incident. Evensen noted the team “reacted instantly when the incident was reported,” and added that a thorough investigation took place while the exchange was taken down for “approx. 24 hours” to ensure there were no breaches on its end.

He added:

“Short-term an incident like this damages the rep[utation] but it also strengthens the site. We have had a very strong support from our community and we have been in direct dialogue with the involved party since the incident.”

He further confirmed COSS used a function in the contract to remove the tokens from the hackers’ account.