Paul Vernon, CEO at Project Investors Inc, has made good on his promise to provide information about exactly what has been going on at Cryptsy over the past few months by releasing a blog post which details the cause of the issues with customer accounts. According to Vernon, the problem goes back to 2014 and is unconnected with the phishing attacks, ddos attack or his personal life.
In 2014, Vernon reports that he became aware of a significant amount of cryptocurrency that had gone missing from the Cryptsy safe/cold wallet (https://www.walletexplorer.com/wallet/0c07e0bec1002bd2): 13,000 BTC, 300,000 LTC and a smaller amount of a couple of other cryptocurrencies. Following an investigation into the matter, it was found that the developer of Lucky7Coin had placed an IRC backdoor into the code of wallet, thereby allowing it to obtain information to allow it to carry out the attack. However, Vernon does not believe that it was the original developer of Lucky7Coin is responsible due to communications received from a developer who took over which seem to indicate knowledge of the issue.
Despite the obvious problem that this posed, Vernon described that at the time, Cryptsy was profitable and still had reserves of the stolen currencies available. The decision was made to attempt to use the profits and reserves to get by, covering up the fact that there had been any theft and allowing the website to remain functional. Apparently this was working until an article by Coinfire (which Vernon alleges contained many pieces of false information) caused panic in users and resulted in problems withdrawing funds.
Vernon claimed that he did not report the theft to the authorities at the time due to confusion over who could help and an unwillingness to cause panic. He also mentioned that he was in contact (about other matters) with disgraced secret service agent Shaun Bridges but obviously this wouldn’t prove to be helpful, and recently he has had no luck with finding assistance from the Miami FBI office or I3C.
Currently, Vernon reports customer liabilities for BTC to the tune of 10,000 BTC and is eager to try and recover the funds which were stolen, which have apparently not been moved since they were transferred to the account from Cryptsy. He is offering a reward of 1000 BTC for information which leads to the recovery of the cryptocurrency, which can be sent to firstname.lastname@example.org. Alternatively, Vernon has offered an amnesty to the person or people who carried out the attack if they return the coins to the wallet provided (1KNi4E4MTsF7gfuPKPNAbrZWQvtdQBTAAa), although he noted that the community might not be forgiving.
Moving on from the current situation, Vernon announced that there would be suspension of trades and withdrawals indefinitely until a resolution can be found. Although he has stated that he is open to suggestions, Vernon believes that there are three options now:
– Shutting down the website and filing for bankruptcy, letting users file claims via the bankruptcy process and letting the court make the disbursements.
– Somebody else comes in to purchase and run Cryptsy, while also making good on requested withdrawals.
– If Cryptsy is able to re-acquire the stolen funds, then it will allow all withdrawal requests to process.
The method that will be chosen and the long-term consequences remain to be seen, as does the community reaction to the decisions Vernon has made.