Repository of User Private Keys Breached for Two Large Cryptocurrency Trading Platforms

What Happened?

  • Two large cryptocurrency trading platforms had their repository of user private keys breached.
  • Once private keys were hacked by cyber criminals, they stole $196M from one organization’s users and $30M from the other organization’s users.

The breach occurred within the private key repositories. This means that any mobile app sending/receiving funds and any web portal sending/receiving funds was affected.

Who Were the Victims & How Did This Breach Affect Them?

Individual Wallet Holders

  • Affected thousands of users from each company through their mobile applications and web portal accounts.
  • Cyber criminals breached the Private Key Repository, gaining access to each account holder’s private key.

Cryptocurrency Trading Platforms

  • One of the organizations is currently paying back their users directly as they try to recover stolen funds.

How Could This Breach Have Been Prevented?

  • If Eclypses MTE technology was implemented, it would replace private keys with individual single-use keys that are instantly obsolete. Keys would never be stored, shared, or transmitted when sending/receiving cryptocurrency transactions.
  • MTE would be installed in the mobile application and on the server. Or when using a web portal, on the server and then a WASM-based MTE within the browser only while the website is being accessed.
  • Once MTE is paired from the mobile app to the main server (or browser to server) no other device can communicate that user specific information. Even if a cyber criminal was able to steal an MTE secured transmission, the packet is meaningless and unusable because the MTE cryptographic library is already out of sync with the server. No packet can come to the server unless the device or browser session has been synchronized. The cyber criminal, even if a database breach occurs and they gather info on users, can never sync the transmitted packet.

Interested in learning more? Contact us today: [email protected].