A Reddit user who had stored a large amount of funds in his account at the COSS crypto exchange revealed that funds worth $860,000 had been stolen from him. The hackers made off with around 10 percent of the total supply of COSS tokens from the user’s account. The incident led the exchange to evaluate its website to probe into the cause and the culprit of the attack.
The Redditor stated in his post that when he woke up on October 14, he found that the COSS exchange had sent him thousands of letters regarding a failed attempt to enter the account. On checking his account immediately, he realized all his holdings were gone. He added that they had been sold on low-liquidity markets at rates substantially lower than the present market rate.
Crypto exchange COSS subsequently posted on their Medium blog that they had initiated a detailed investigation into the matter. The exchange further stated that, for security reasons, they could not go into detail about their methods. However, their investigation results showed that the user’s password was compromised outside of COSS. They also clarified that at no time was any user password breached on their systems.
This seemed to upset the user whose account was hacked, and he retorted that the exchange had forgotten to mention one small fact: that access to his account was obtained using a vulnerability. This apparently allowed the hacker to perform a brute-force attack on his 2FA. He further added that he was not the only victim, as COSS had declared in their Medium blog, and that the hacker had indeed used the exchange’s vulnerability.
Enraged by the event, the user blamed COSS completely and denied that he was at fault for the hacker possessing his password. However, the fact remained that since he kept his funds on the exchange and not in a separate wallet, he was the one accountable for access to his funds, as mentioned in the Bitcoin Exchange Guide report.
When Rune Evensen, founder of crypto exchange COSS, was contacted to shed more light on the hacking incident, he stated that the team reacted instantly when the incident was reported. He further added that a thorough investigation was conducted and the exchange was taken down for approximately 24 hours to ensure there were no breaches at their end, as stated in the CryptoGlobe report.