The Russian cryptocurrency exchange was hacked on Christmas Eve, it published a message on its website warning customers to stop using its services.
“Dear clients, we ask you to stop using our service in all meanings: don’t deposit funds, don’t trade, don’t use API. We are under a carefully planned attack, which has been prepared, as we assume, over the last few months. We lost control of all of our servers, backend and nodes. Thus, we were not able to stop our service in time.” reads the message published on the website. “Our news channels were compromised as well. At the moment, we partially control frontend, and so we’re able to place this announcement. We’re fighting hard to get back our servers, nodes and funds, we’re working 24/7. News and next update will come up in the next few days. We’re working in contact with local police authorities. We really do our best to overcome this issue.”
Livecoin recommended users to stop depositing funds and making transactions, it also notified local law enforcement.
The administrators of the platforms informed its customers to have lost control of some of its servers, the attack was not opportunistic, it appears to be well planned.
The attack took place nighttime, between December 23 and December 24, the attackers modified exchange rates to absurd values (15 times their ordinary values). The Bitcoin exchange rate was set to over $450,000/BTC, while the value of ETH was increased from $600/ETH up to $15,000
Once pumped out the exchange rates, the attackers began cashing out accounts, making huge profits.
Now, Livecoin announced it is terminating its activity following the December cyberattack.
“Dear clients, as we reported earlier, our service were under attack in December 2020. Investigation is in active phase right now. Our service has been damaged hard in technical and financial way. There is no way to continue operative business in these conditions, so we take a hard decision to close the business and paying the remaining funds to clients.” reads the announcement published by the exchange.
“Our clients have to contact us via email email@example.com to get payments after passing verification procedure. We accept claims for payments for the next 2 months. 17 March 2021 is the last day of accepting your requests, after this date no new requests will be accepted.”
The company announced that it will accept claims for payments until 17 March 2021.
CoinTelegraph reported that some users have refused to send their personal data to Livecoin fearing for their security and privacy. A user revealed that Livecoin is requesting documents and data that could be used by ill-intentioned to conduct scams ad frauds, including passport scans, residence information, high-resolution selfies, and data about the first transaction on the exchange.
“We apologize for an existing situation and ask you to keep calm, including your conversation with support officers. Our service and team bear hard losses as well as our clients. In case of abuse and threats in conversation, the claim can be declined.” Livecoin added.
“We have to warn you about tons of fake groups in different messengers and other channels, where people represent themselves as our team members, insiders, hackers etc. Participating in these groups you run a high risk, because we have no any groups. The only official statements are made on this website. Do not send money to anyone. You don’t have to pay to get back your funds from us, the only thing you need is to send a request and follow simple procedure.”
At the time of this writing, Livecoin’s old website domain displays the message “Oops! Time is over Livecoin….”.
As usual, some users speculate that this could be an Exit Scam.
If you want to receive the weekly Security Affairs Newsletter for free subscribe here.
(SecurityAffairs – hacking, Livecoin)