As was broken by SA Crypto in the early hours of Friday morning, one of SA’s leading exchanges AltCoinTrader was “hacked”*. We were alerted to the news by members of the SA Crypto Telegram Group, and immediately contacted the exchange for comment. We were able to get direct communication from the CEO and founder Richard de Sousa who assured us that funds were 100% safe thanks to exhaustive security protocols.
By Saturday, it seemed that the site was back up and running, and by that afternoon all funds were reflecting accurately in user’s various wallets. It was a nervy number of hours for avid cryptocurrency traders who utilize the platform, and following the breach, we wanted to get a follow up with de Sousa to get some clarity on where they stand. The CEO was kind enough to give us an interview over Skype and was candidly open and honest about what actually happened.
De Sousa immediately highlighted the various security protocols that AltCoinTrader observes, from their “hot wallets” having a low amount of accessible funds to their multi-factor authentication requirements when accessing both the platform and exchange funds.
Something that is important to de Sousa is that no single executive or staff member at AltCoinTrader have access to funds. This is significant to the context of this situation due to the recent alleged death of Canada’s largest cryptocurrency exchange Quadriga. The exchange had over $135 million worth of cryptoassets in what is known as “cold storage”, but when the CEO allegedly died suddenly, those assets became inaccessible to Quadriga staff because the CEO was the only one who had access to those wallets.
Had a hacker gained access to what is known as the “warm” or “cold” wallets belonging to AltCoinTrader, the hacker would never have been able to move them due to the numerous levels of authentication required by two other AltCoinTrader executives.
So what actually happened on Friday?
De Sousa explained that one of the ACT executives known to SA Crypto only as “Frik” noticed some irregular activity on the site. Frik, who was in New York at the time and hence was online in those early South African hours, immediately notified the rest of the ACT team and began the process of identifying the threat and shutting it down.
It seemed that a hacker (or team of hackers), who were operating out of Egypt, had created fake user accounts and were manipulating the order book by selling Bitcoin at a price of R2 per Bitcoin, and then proceeded to buy those R2 Bitcoin in large numbers with other fake accounts. This aligns with the information SA Crypto had received on Friday morning by a Telegram user who confirmed he saw the same activity
De Sousa told me off-mic of our interview that these illegally created trading accounts were immediately identified and shut down, preventing the attacker/s from withdrawing those purchased funds.
Due to the vulnerability identified by the attacker/s, AltCoinTrader remained down for most of Friday while their dev team created a security patch, and audited all accounts and wallets – a delay which caused significant anxiety for many of the trading community in South Africa. De Sousa said in the interview that he and his team apologised for the delay, and even admitted to communications being below par for such a scenario – a par they hope to meet and exceed should this ever happen again.
The now much more relaxed CEO said in the interview that when he and his partners set about building AltCoinTrader, he did so with a focus on security, which is why he believes they were able to identify and shut down this serious attack on their platform so quickly.
“When I set about building AltCoinTrader, I focused 80% of my energy on security and 20% on functionality,” de Sousa quipped proudly.
“I personally lost a lot of funds on the infamous Mt. Gox exchange after their hack,” said ACT’s CEO, “and I have a lot of sympathy for users who must have been waiting patiently for more info on their AltCoinTrader funds. The reality is: We were caught off guard, and I apologise for the delay, but I am proud of the fact that my team and I were able to ensure absolutely no user funds were lost this weekend.”
De Sousa says that he and his team are pursuing a forensic investigation into the hack, and have identified not only Egyptian IP addresses involved in the attack, but believe there was a local attacker involved as well. He says they are working closely with authorities, and will be pursuing all possible legal and forensic avenues in an attempt to bring the attackers to book.
You can watch or listen to the entire interview with AltCoinTrader’s CEO recorded this morning, Tuesday 16 April 2019, below on YouTube or our various Podcast channels.
The Audio Version of the Interview:
Please visit the Anchor page of the interview for various links to Apple, Google and Spotify versions of the audio.
SA Crypto thanks Richard de Sousa and AltCoinTrader for their co-operation and their time given in this report.
— – – – – – – – – – –
*The definition “hack” does not necessarily imply a malicious, unauthorised attack on a digital platform – and sometimes refers to developers building digital tech quickly. In this article though, it is referencing the malicious digital attack on AltCoinTrader. For more info on the definition of “hack”, read this article here