On March 27, the cryptocurrency exchange Coinbene tweeted that due to recent hacks of exchanges, they would be performing maintenance to upgrade users' wallets. The maintenance subsequently left users unable to access their digital assets held within the Coinbene wallets. Immediately some were skeptical of the alleged maintenance and believed Coinbene had in fact been hacked. Just over two months have passed since the initial announcement and some commentators are still convinced that Coinbene is withholding details about what actually took place in late March.
Coinbene officially launched in late 2017 and reportedly has offices located in Singapore, Hong Kong, Malayasia, and Brazil. The exchange is currently listed by CoinMarketCap as the 18th top exchange in terms of trading volume. Despite the growth of Coinbene, the last couple months have been marked by a lack of clear communication with their users and allegations of lying and potentially theft of coins held on their platform.
The same day Coinbene tweeted about performing maintenance, ZDNet reported that both Coinbene and DragonEx had been hacked. The report stated that DragonEx had lost over $1 million worth of crypto while Coinbene was estimated to have lost over $45 million. Despite the report, Coinbene denied a hack had taken place and instead continued to stand behind the claim that they were merely performing maintenance.
"It should be noted that none of the two cryptocurrency exchanges have put out exact figures of the sums they've lost, and none have responded to requests for comments," ZDNet wrote.
Immediately, the cryptocurrency community was skeptical of Coinbene's claims. For one, researchers noticed that on March 25 there were massive transactions from CoinBene’s hot wallet to an unknown wallet involving every single ERC-20 token held by the company. These tokens included udoo, a token created for the social media platform Howdoo.
David Brierley, CEO of Howdoo, told Cryptoglobe that a total of $105 million of numerous tokens had been moved into other wallets, including some which were being sent to EtherDelta, a decentralized exchange primarily used for ERC-20 tokens. These tokens were then being sold at a fraction of their value. This was confirmed by a report from blockchain firm Elementus which described how the transfers from Coinbene's wallet resembled a hack. “After leaving CoinBene, the tokens were quickly moved into Etherdelta, where they were sold for ETH," the report states. "A large amount of funds were also moved into centralized Exchanges, including Binance, Huobi, and Bittrex.”
'Coinbene worked to keep this quiet'
Brierley communicated with a Coinbene representative via Telegram and Skype who claimed to be unaware of the source of the missing coins. Publicly, however, Coinbene continued to insist that maintenance was to blame and allowed users to continue trading udoo. Inevitably, this caused a drop in the value of the token.
"They continued to allow the Udoo to be traded but they froze all withdrawals," Brierley stated. "Coinbene worked to keep this quiet, they didn't want it to go public."
When Coinbene did finally go public they blamed the udoo team, stating that, the UDOO team had been conducting their own maintenance updates. Coinbene promised to announce once operations had resumed. However, Brierley calls this statement a lie and an attempt to blame the Howdoo team for Coinbene's failures.
Days later the udoo tokens were transferred back to the Howdoo project's smart contract which automatically burned the tokens. "The whole 18.4 million udoos were just sent back where our howdoo smart contract subsequently burned them," the CEO of Howdoo stated. Brierley was asked by the Coinbene representative to send them 18.4 million udoos for free to "replenish" the customers wallets.
Breirley stated by this point it was clear there had been a breach and that the Coinbene rep had confirmed they had lost control of the udoos in question. The entire time Brierley was communicating with Coinbene they continued to state that users' inability to access their tokens was the result of maintenance.
'You don't know how centralized exchanges work'
"You are trying to get out of this by dumping the alt coins price, buying them up with bitcoin, so your clients don't lose, and you can sweep it under the carpet," Brierley told the Coinbene team. When he asked how Coinbene could continue to allow trading for tokens they do not actually have on their exchange, Brierley was told, "You don't know how centralized exchanges work, David."
Brierley was also notified by a member of the HowDoo community that Kevin Yan, Business Director at Coinbene, stated that HowDoo was to blame because they refused to talk with representatives of the exchange. Yan also attempted to buy udoo from several community members at a price well below market value. Brierley and others believe this was an attempt by Coinbene to replenish their missing stock of the tokens.
Eventually, Brierley spoke with a Coinbene representative who asked for his perspective of the situation. However, he says after the follow up conversation, Coinbene went quiet once again. Brierley continues to look for answers regarding the truth of what exactly happened to the udoo tokens on Coinbene. He believes this situation, whether a hack or something worse, is a reason to support regulation of cryptocurrency exchanges.
At the end of the day, we just want the holders of udoos to get their coins back. We want coinbene to acknowledge that they no longer have control of the udoos and come up with a solution.