As usual, scammers will try to contact you on Telegram, Discord or by email. Please don't interact with them and don't give them any information regarding your balances and transactions with Altilly.
The servers the Altilly Exchange platform utilised were provided by an independent hosting provider.
Earlier this week, on the 23rd December 2020, we were alerted to suspicious activities/monitoring alerts on our servers.
Three servers suspiciously rebooted around the same time. After checking the servers, we noticed some unusual activity, and a new system user had been created.
With the servers being constantly rebooted and being unsure about what exactly happened at that time, we took the preventative action of beginning to move our servers to a new host.
Late on the 25th or early morning on the 26th December 2020, we were alerted to another system reboot at our original hosting provider. It was now clear that someone had access to our servers. It appears that these systems were accessed at an Admin portal level using rescue mode during the server reboot. We then took an additional step by adding code to prevent anyone from accessing the servers externally and changed the rescue system.
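The two early indicators described above (several hosts rebooting within minutes of each other, and a new system account appearing on one of them) are the kind of signals worth correlating automatically. The following Python triage script is an added example, not part of Altilly's statement; the host names, timestamps and syslog-style lines are constructed samples in the formats emitted by systemd and useradd.

```python
# Added example: correlate near-simultaneous reboots across hosts with new
# account creation. Log lines below are constructed syslog-style samples in
# the formats emitted by systemd and useradd; hosts and times are invented.
from datetime import datetime, timedelta
import re

LOGS = """\
2020-12-23T02:14:07 web1 systemd[1]: Startup finished in 4.201s (kernel) + 18.330s (userspace) = 22.531s.
2020-12-23T02:15:41 db1 systemd[1]: Startup finished in 3.870s (kernel) + 21.002s (userspace) = 24.872s.
2020-12-23T02:16:09 wallet1 systemd[1]: Startup finished in 5.118s (kernel) + 17.441s (userspace) = 22.559s.
2020-12-23T02:19:52 db1 useradd[1733]: new user: name=support, UID=1003, GID=1003, home=/home/support, shell=/bin/bash
2020-12-23T09:00:11 web1 sshd[2210]: Accepted publickey for deploy from 10.0.0.5 port 51022 ssh2
"""

LINE = re.compile(r"^(\S+) (\S+) (\S+?)\[\d+\]: (.*)$")
USERADD = re.compile(r"new user: name=(\S+?), UID=(\d+)")

def parse(text):
    """Yield (timestamp, host, program, message) for each well-formed line."""
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            ts, host, prog, msg = m.groups()
            yield datetime.fromisoformat(ts), host, prog, msg

def find_boot_cluster(events, window=timedelta(minutes=10), min_hosts=2):
    """Hosts whose boots completed within `window` of each other, or []."""
    boots = sorted((ts, host) for ts, host, prog, msg in events
                   if prog == "systemd" and msg.startswith("Startup finished"))
    for i, (start, _) in enumerate(boots):
        hosts = {h for ts, h in boots[i:] if ts - start <= window}
        if len(hosts) >= min_hosts:
            return sorted(hosts)
    return []

def find_new_users(events):
    """(host, username, uid) for every account created by useradd."""
    return [(host, m.group(1), int(m.group(2)))
            for ts, host, prog, msg in events
            if prog == "useradd" and (m := USERADD.search(msg))]

def triage(text):
    """Report both indicators; either alone is weak, both close in time is not."""
    events = list(parse(text))
    return {"boot_cluster": find_boot_cluster(events),
            "new_users": find_new_users(events)}

if __name__ == "__main__":
    print(triage(LOGS))
```

In a real deployment the same two functions would run over logs shipped off the hosts themselves, since logs kept only on a rebooted or wiped server are lost with it.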
While we were still investigating the root cause, we lost access to all of our servers; this includes production web servers, the databases and exchange cryptocurrency wallets. It appears that a request came in via the hosting client portal to delete all servers linked to the attacked account.
On a number of occasions, we attempted to upload backups to our servers. Unfortunately, the attacker(s) had also gained access to our offsite storage account. This was compromised using API keys from the backup software on the affected servers. The attacker removed all backup files from that location.
The attacker(s) appear to have downloaded copies of the backups before destroying them.
The Exchange had two accounts at the original hosting provider. One of them was created three years ago during the setup at the hosting provider. This email was no longer used, as we had another email account using our altilly domain address. The active email had 2FA; the non-active email did not, and provided an attack vector for the attacker(s).
*** Update 7th of January 2021 ***
During our investigation, we came to the conclusion that the cause was created by negligence from our hosting provider.

During the account creation at our hosting provider in 2018, we created an account using an email, username and password. A second email was added to the same account. Both emails gave access to the same user account.

The hosting provider changed their portal, which essentially separated the emails into separate users for the same portal. This action created a second user that was not secured by 2FA authentication. This change was made 6 months ago without notification.

We are working on a settlement with the hosting provider without using any legal actions at this stage. Legal actions may slow down any settlements. We will continue to update our users with the latest information.

Please be aware that we can not share any details that could affect the settlement or the investigation.
The attacker(s) were able to gain full access to the Administrator console/panel and, as well as taking control of our servers, were also able to steal high-value assets from the exchange cryptocurrency hot wallets.
It was an unforgivably simple mistake to make and a lesson with likely repercussions for many years to come.
At this point, we are still unaware of how the attacker(s) obtained the password to access the administrator account of our servers or knew which provider we were using.
This investigation is still ongoing and more information will be released in due course.
We are still working with the hosting provider to see if we can restore data.
The hosting provider has a “secure removal” policy on the servers, using industry-standard procedures. Once deleted, it can not be recovered, but we are still looking at ways to recover this.
At the time of writing, we are unable to share specific details about the hosting provider or about the account details that were used for the attack. It would decrease our chance of finding the attacker(s), tracking stolen funds and valuable information.
As a matter of precaution, we are auditing all of our own account details and adding additional layers of security to our other platforms and services.
For the avoidance of doubt, none of our other platforms or services (e.g. the Qredit blockchain) were hosted on the same servers or with the same hosting provider.
Users' KYC information has never been stored externally (i.e. at hosting providers) and was only used temporarily during the verification process. Therefore no KYC data/documents/personally identifiable information was put at risk during this attack.
The attacker(s) gained access to and stole 30 BTC and 12,000 USDT while they had control of our servers.
Without access to the servers or backups, the team has very limited information to assess the full impact of the attack. This makes the process of understanding which users were impacted by the attack even more difficult, but not entirely impossible.
The Altilly team were able to save about 90 assets during the migration; these assets are mainly Bitcoin and CryptoNote clones that had been listed in the last 30 days prior to the attack (please see Appendix 1 - List of Assets Saved).
Only in the last month did Altilly begin generating a surplus/profit and running at 1mln USD daily volume.
We had free listings and extremely low fees. For that reason, we were not able to create a buffer/insurance fund to cover losses in case of an attack or something similar.
Due to the attacker deleting the backups and production servers, the remaining funds within the Exchange cryptocurrency wallets are effectively inaccessible/lost, not only to Altilly but also to the attacker, due to database and server encryption.
We do not have access to the exchange database or backups, making assessing the scale of the attack, which coins and the number of coins were affected, more challenging, but not impossible.
From the assets that were saved during the migration, we are working closely with teams and project owners to create an audit trail of users and their balances on Altilly.
Some of the teams and projects of these assets have shown a willingness to help recover the balances/assets of these users.
The team understands that people will clearly be concerned, angered, upset and frustrated with this news. The team have spent three years building the platform, the community of users and the trust, just to have it taken away.
To be very, very clear, the Altilly team will continue to support users/teams/coin developers through this extremely challenging time.
We know that a small number of people are already beginning to call the attack an exit scam; suggestions of the attack being an inside job are totally untrue and unfounded.
Altilly has always prided itself on its transparency and user-friendly approach to customer service. There is absolutely nothing to be gained from Altilly destroying its reputation, user base and trust for a short-term gain.
The leadership team responsible for Altilly have always been visible and transparent and will continue to be so.
The Altilly team are monitoring all major stolen cryptocurrency addresses, and are ready to contact other exchanges with a view to stopping those funds being cashed out or exchanged.
The total amount stolen is circa 1mln USD. This is a large sum, but not impossible to repay.
One possible solution would be to repay the stolen funds by utilising profit created by a number of other projects, completely unrelated to Altilly. Although, to be clear, we are unable to make any cast-iron guarantees at this stage. More detail will be provided in due course.
First, we must complete the audit required to understand which users have had funds stolen; this could take up to three months, due to lack of access to backup information.

Second, we aim to repay everyone within 6 months; this timeframe is subject to change.
As we have already highlighted, the team has no access to funds or exchange data. The Altilly team have lost everything they have worked hard for over the last 3 years.
We take full responsibility for what has happened.
Altilly was an unregulated exchange that was just months or weeks away from becoming an official regulated cryptocurrency exchange. The exchange was acquired in 2019.
We are aware that a number of users may choose to pursue legal action; you are clearly within your rights to do so. But given the unregulated status of the exchange, any legal action and its implications may be limited by this fact.
Looking at previous exchange attacks, it is unlikely that a government agency is going to repay any of the affected users, due to country-specific regulatory provisions.
It would be more beneficial to gain support from teams and projects that were listed at Altilly and anyone in the same industry or another exchange.
It took the team three years to build Altilly. While we still have access to the exchange platform base code, recreating the exchange database will take months.
If we were ever to launch an exchange, it would be with an exchange license directly from the start, with good insurance in place. At this moment we doubt that we will have the same trust and confidence as before to operate an exchange.
Our sole focus now is to repay the users affected by this attack.
The Team is deeply saddened and embarrassed at what has transpired. Words can not describe how the team feels and the pain and suffering this news brings to everyone.
You have our word that we will not rest until we have repaid affected users.
The leadership team would also like to apologise to the wider Altilly team, the communities, developers and projects that were listed at Altilly.
To continue with our offer of transparency, the Altilly team will provide a number of live stream events beginning January 2021 to give everyone affected updates and provide the opportunity to ask questions.
The Team will provide regular updates via the Altilly.com website, Altilly Telegram channel and Discord server (details provided below).
Please ensure you do not send anyone details of your transactions. Anyone claiming to be Altilly Support is most likely a fake. We will keep communication channels open and we will be active most of the time on Telegram and Discord.
The Altilly Exchange platform has been attacked via unauthorised access and user funds have been stolen.
What can you do? Fill in the form so we can establish the users affected by the Altilly Exchange hack.