On January 14th, Cryptsy published a blog post explaining its present situation and the problems with the exchange. The post states that they finally want to let everyone know what these problems stem from. They were not caused by any recent phishing attacks or a DDoS attack, nor do they have anything to do with personal issues.
The post explains that a person claiming to want to resurrect an unmaintained coin, Lucky7Coin (L7C), contacted them over a year ago. The person, who does not appear to be the original developer, explained to Cryptsy that he had made a change to Lucky7Coin’s IRC code and claimed that it would help community members of the coin synchronize faster. Cryptsy was promised that it contained no errors that would cause a fork of the coin. Apparently it contained something much worse than errors. Allegedly, Cryptsy’s staff unknowingly installed an IRC backdoor when they upgraded to this new wallet code. Much like a trojan, this malicious code allowed for the compromise of Cryptsy to the tune of 13,000 BTC and 300,000 LTC, using internal information it collected over the several months leading up to the actual theft.
At this point, Cryptsy wanted to avoid shutting down the website as a result of this compromise and the subsequent disappearance of about 7 million dollars’ worth of customer crypto assets. The post further states that they began pulling from their profits in an attempt to fill these wallets back up and avoid a complete shutdown. They were also pulling from their own reserves. This strategy of covering up the compromise worked until Cryptsy’s profits could no longer keep up with what might be a cover-up of Cryptsy’s poor judgment in trusting this person’s promise of “I’m responsible”.
When an article about Coinfire came out that contained many false accusations, things began to crumble and a bank run began. Cryptsy could not keep up with funding the covered-up compromise. The only promising thing is that the stolen funds have not moved since they were taken, which makes recovery, in the hopes of Cryptsy and its users, more probable or possible. In the blog post, Cryptsy has asked for the return of the stolen funds, promising “no questions asked” if they are returned. A bounty of 1000 BTC has also been promised to anyone who can help locate the stolen funds.
In concluding the blog post, Cryptsy states its options as: “1. We shut down the website and file bankruptcy, letting users file claims via the bankruptcy process and letting the court make the disbursements. – OR – 2. Somebody else comes in to purchase and run Cryptsy while also making good on requested withdrawals. -OR- 3. If somehow we are able to re-acquire the stolen funds, then we allow all withdrawal requests to process.”
Surely the return of these funds would be great for Cryptsy, its users, and the industry. As more and more of these scandals emerge, public acceptance seems less and less of a possibility as the cloud of distrust grows darker and darker. A colleague of mine here at NewsBTC USA just informed me: “They shut down the chat box just a little while ago … dying off to the rage of many with nothing but a gutless whisper!”
Cryptsy’s original blog post can be read here: http://blog.cryptsy.com/