Altilly Exchanged Hacked. Altilly responds to the community.

The fast growing crypto-exchange Altilly officially lost all control on 26th December, 2020. They were well known for their low fees and easy listing procedures.
The news took time to spread, as it is just at the brink of gaining popularity. This also could be looked as a blessing, since the loss won't be as big if it were to be a more popular exchange.

• PHASE 1

On 26th December, they turned their website's front page into a disclaimer blackboard with a short and concise report on what had happened. There was a link to their official telegram channel if and when someone wanted to leave questions.

As expected, Altilly's official telegram was soon flooded with new members and a swarm of threats, concerns and questions combines. The chat limit was set at a slow mode of 1:00 minute, which has since been changed to 5:00 minutes.

Given their history of transparency and communication, the team was eager to send out replies and answer queries as they came in. Chaotic is an understatement to what was going on.

The website did not shed much light into the situation. The report was very vague with minimal details. But, it was also concerning. The details that were mentioned in the report pointed out some missing fundamental security features that would be expected from a crypto-exchange.

As in the excerpt from the website in the screenshot above, the malicious activity was noticed first on 23rd December, 2020.
It also mentions the various servers, wallets and databases that were lost. This followed by a deletion before being copied by the hackers.

However, there is no mention of offline database backups or cold wallets. There is also no explanation as to why their actions took so long, or why weren't clients informed as a precautionary step.

Upon joining the telegram group it became clear that there were tons of fingers being pointed, blames, accusations, prayers, support and hopes. In typical Altilly fashion, the team was active in the group responding to as many messages as possible.



Asking about cold wallets yielded no response. It however brought notice to people being kicked from the group for asking similar questions.

Sifting through the chat shed light on something deeply concerning. There were rumors that discussion within the coveted dev & admin chats were being leaked. It naturally makes the team look bad and could even be held responsible for the hack.

Nayiem, now responsible for Altilly mentioned in various instances that they were looking into tracking the funds, respective accounts and a way to begin a refund program.

• PHASE 2

As of less than 8 hours back, the website has been updated with many more details. They have added information in regards to how the hack came to happen and what are they planning in the future.

You can click on the picture below to be redirected to their website.

To summarize, the hackers gained a portal through an old email that has been left alone for 3 years now. The malicious group used this email to gain full access. The email account was connected to original hosting provider BUT did not have 2fA activated.

As disheartening as it sounds, this simple oversight in security did lead to an exchange getting completely hacked, have info and sensitive data deleted and left in shambles.

The new report also places a rough estimate on the losses at around 12000 USDT and 30 BTC, which the hackers gained access of. The amount is a preliminary assumption and is bound to change upon further investigation.

Altilly also mentions that KYC was not something to worry about as all KYC information was only held temporarily.

As of now, without any "iron-clad" guarantees, they do plan on setting up a refund program. They expect to repay to their clients within 6 months (subject to change). The audit itself will take around 3 months.

In a clever way they have both swayed away potential legal implications as well as confirmed their stand on it. Being an unregistered account, they claim most lawsuits wouldn't stick and it is rather easier to work with them than against.

Meanwhile, on the telegram group, Nayiem had asked everyone to begin securing any emails for Altilly mentioning deposits and withdrawals. He claimed it would be used in the future to repay the losses to the clients.

They would be accepting email screenshots, which can be easily tampered. Nayiem also confirmed that Altilly did not have text bodies of the emails they sent. This begs the question as to how they would verify the emails.

Final Thoughts

Not your keys, not your crypto. This mantra exists for a reason and the reminders to believe in it haven't been few. It still is disheartening to lose crypto in such hacks, may it be while hodling, trading or having open orders.

In most cases, smaller exchanges like Altilly do not have a favorable outcome after such a heinous attack. Hacks usually lead to complete closure of the exchange. Lawsuits and criminal cases follow soon after. Exchanges seldom pay the losses back to their clients.

It wouldn't be surprising to eventually find a staff member associated with the hackers. More often than not, it has been the case.

It would be interesting to watch how things will roll out. Unlike the usual dip and dive, Altilly is standing along its core values of transparency and customer service - which could translate to the clients getting their rights returned.

However, it has been yet another huge lesson for the crypto-population. Even a bigger one for Altilly and other exchanges, alike.

---

_{Follow me on twitter and instagram}

---

Affiliate links

_{Huobi. Earn upto $170 with my link.
Appics
Splinterlands
Actifit
Drugwars
Delegate for support.
Bittrex
Binance
Ionomy
Cryptex
Uptrennd. Get 50 points with my link!}

Posted Using LeoFinance ^Beta