In late July, clients of the Ukraine-based cryptocurrency exchange Liqui.io woke up to the shocking news that their accounts had been emptied.
According to users, someone using a Ukrainian IP had logged into their accounts and stolen all of their funds.
The report regarding this news was posted on the EthTrader Reddit page.
Was It a Hacking Attempt?
After the incident, one user posted on Reddit that 3.5 BTC had disappeared from his Liqui.io account.
The exchange then posted a tweet reminding users to implement unique passwords and activate their 2FA when using their services.
The tweet led to sharp reactions from many users of the cryptocurrency exchange.
On Reddit, users claimed that they had logged into their accounts only to receive several failed login alerts from a Ukrainian IP address.
One user claimed that he had no coins in his account prior to this incident but when he logged into his account, he discovered several login attempts from the IP.
The user also noted there were other failed login attempts starting from July 1 this year to date. These attempts originated from Brazil and Vietnam.
The good news is that if the perpetrator used their home IP address, then catching them would be easy.
The fact that the IP address seemed to be from the same place increases the chances that it might be an inside job.
However, if the culprit is smart enough, then they might have used a VPN, making it difficult for authorities to find their location.
The user who posted about losing 3.5 BTC on the exchange felt that the culprit sold his BTC for ETH.
Unfortunately, there was no historical evidence to confirm that the transaction took place.
More specifically, he never received emails confirming the transaction.
When he tracked the IP addresses involved, it showed that the transaction took place in Kiev, Ukraine. Interestingly, the exchange is based in this city as well.
Other addresses pointed to additional Ukrainian cities while others pointed to Moscow, Russia.
This information led the user to believe that the hacking was an inside job, maybe by someone with administrative rights—and that is why he could view the transaction history.
He also felt that maybe the Liqui.io database was no longer secure.
After noting the suspicious activity in his account, he opened a ticket with the exchange’s help center.
He was quick to advise other users not to enable 2FA because he doubted its effectiveness after having enabled it.
Additionally, another user claimed that he had a few BTC and GNT prior to this incident.
But when he logged into his account, he had a few BTC and EOS funds.
At the time, he did not know what EOS was, and he noted that he did not see any transaction history.
When he tried to raise an alarm on the exchange’s chat platform, the system banned him.
Many users went through this experience and they expressed little faith in the exchange.
Some claimed they would sell whatever few coins they had and close their accounts.
Most of the users who experienced this intrusion also suspected it might have been an inside job.
On the exchange’s chat platform, users voiced their frustration as they shared the experiences they had with their accounts.
Some were trying to withdraw their money, but they could not do so. Instead, all they could do was view their balance.
This experience is similar to that of the users who posted on Reddit about the attempted hacking of their accounts.
One member of the Liqui.io team noted that someone was trying to break into users’ accounts, so he subsequently advised users to use strong and unique passwords in addition to enabling 2FA.
Despite the attempted hacking of accounts, Liqui.io has put in place anti-hacking countermeasures to ensure that users’ accounts are safe.
However, cyber security experts are advising users to ensure that they have activated 2FA as a means of securing their accounts.
More specifically, users who hold significant balances in their accounts should opt for 2FA.