Today we conduct an investigation into the Maplechange hack.
Sometimes the line between what’s legitimate and what’s fraudulent is very thin. This is very much the case around the situation that a small Canadian cryptocurrency exchange Maplechange has found itself in.
On October 28th, the exchange tweeted about a hack that they sustained informing that the hackers were able to withdraw funds. In order to prevent further losses, the remaining funds were frozen and withdrawals disabled.
What’s curious about this case is that in addition to the aforementioned countermeasures, Maplechange has shut down all of its social media accounts as well as its own site. That’s when the first accusations of this whole happening being an exit scam started to come in. Various entities have reported, that the damage done by the “hack” is estimated at above 900BTC (more than half a million dollars) – later denied by the exchange, claiming that their hot wallet had only ~8 BTC and ~100 LTC that were withdrawn.
Thanks to Twitter, Coinfirm has been able to get a hold of a couple of addresses related to the exchange. An analysis of their transfer history has shown, that the funds got scattered across multiple popular exchanges (including Bittrex and Binance). That itself is not conclusive proof of any scam or hack, but the exchange was refusing to open withdrawals or refund the stolen cryptos. Their statement, explaining the bug that supposedly allowed the hack to happen says that the exploit was a result of Maplechange rewriting and upgrading their framework, while also omitting the lines that were double-checking the balances. An error like that is either incompetence or a premeditated action
The Coinfirm Team