Coincube Hacked – Reset Your API Keys


Coincube was hacked. It looks like a disgruntled ex-employee stole the code and database and used the API keys to sell users' holdings at a loss. The admin in the Telegraph group reports that only he and one other user were affected.

If you are a Coincube user, you should cancel your API keys on your exchanges. Note that several exchanges, including Bittrex and Poloniex, support IP whitelisting; the IP addresses used by the Coincube bot are 104.131.38.38, 162.243.231.18, and 107.170.11.138*.

Coincube are still operating and will review their operational and technical implementation going forwards. Their admin Robert Allen has given great support during this incident.

What should we expect?

Coincube needs to:

  • identify trading bot and non-trading bot transactions in their UI so users can verify they were not affected by this hack
  • publish instructions and IPs in their UI so that users can whitelist the trading bot
  • review operational security
  • review technical security
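One way a user could check whether an API key was used from outside the bot's published addresses, as an added example that is not code from Coincube or any exchange. The log format, key ids, timestamps and non-bot addresses are constructed assumptions; only the three bot IPs come from this article.

```python
import csv
import io
import ipaddress

# Bot addresses as listed in this article.
COINCUBE_BOT_IPS = ("104.131.38.38", "162.243.231.18", "107.170.11.138")

# Constructed sample of an exchange API-access export (hypothetical format).
SAMPLE_LOG = """timestamp,key_id,source_ip,action
2017-01-01T10:00:00Z,key-A,104.131.38.38,place_order
2017-01-01T10:05:00Z,key-A,::ffff:162.243.231.18,place_order
2017-01-01T10:07:00Z,key-A,203.0.113.50,place_order
2017-01-01T10:09:00Z,key-A,not-an-ip,get_balance
2017-01-01T10:11:00Z,key-B,198.51.100.7,place_order
"""

def normalise(ip_text):
    """Parse an address; unwrap IPv4-mapped IPv6 so ::ffff:a.b.c.d equals a.b.c.d."""
    ip = ipaddress.ip_address(ip_text.strip())
    mapped = getattr(ip, "ipv4_mapped", None)
    return mapped or ip

def audit(log_text, key_id, allowed_ips=COINCUBE_BOT_IPS):
    """Return rows where key_id was used from an address outside allowed_ips."""
    allowed = {normalise(ip) for ip in allowed_ips}
    findings = []
    for row in csv.DictReader(io.StringIO(log_text)):
        if row["key_id"] != key_id:
            continue
        try:
            source = normalise(row["source_ip"])
        except ValueError:
            # Unparseable address: fail closed and report it for manual review.
            findings.append((row["timestamp"], row["source_ip"], row["action"], "unparseable"))
            continue
        if source not in allowed:
            findings.append((row["timestamp"], str(source), row["action"], "not allowlisted"))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_LOG, "key-A"):
        print(*finding)
```

Any finding for a key that was only ever given to the bot is a reason to revoke that key and review the account's trade history.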

Ideally, decrypted API keys should only be held in memory. It appears that the encryption key was stored in source code or was otherwise accessible to trusted employees. It would be preferable to store the encryption key in a separate system to which trusted users do not have access, such as a Hardware Security Module or perhaps, in a cloud deployment, a separate server.


Author

James Bayley

Ex-physicist, professional project manager and cryptocurrency enthusiast.



(C) 2017 Cryptocurrency.guru
