Another altcoin exchange has been hacked, not even a month after AllCrypt went down. Cryptoine, which offers a number of markets not available at larger exchanges, is down as of this morning, claiming a hack. The operators have promised to be forthcoming with details at an unspecified time and date.
Race Condition Bug
As you can see, the exchange is claiming that the exploit happened as a result of a “race condition bug,” which, in programming terms, means that uncontrollable events do not happen in the order the programmer intended. In a PHP program, this can often mean a bug in the way that time-of-use and time-of-check are implemented. The attacker was apparently able to exploit mistakes of the exchange’s programming team.
No Theft Yet Reported
As yet, no theft has been reported, but the exchange is unavailable at the time of writing. Unlike the AllCrypt hack, which was supposedly executed due to weaknesses in the WordPress platform, this exploit happened to custom-built software.
Multi-Signature Withdrawals More Necessary Than Ever
This attack, along with other recent attacks such as the one on the Chinese exchange Bter, co-incides with wide-ranging calls in the community for broader implementation of multi-signature security. There is a lot of suspicion that exchanges are not implementing such because in most cases these supposed “hacks” are in fact inside jobs not unlike Ponzi schemes where the owners make off with the funds once there is a sufficient amount.