A mystery surrounds the recent hack of CoinPouch wallet app, users lost over $655,000 worth of Verge cryptocurrency.
On Tuesday, the maintainers of the CoinPouch multi-currency wallet app published a statement that disclosed a security breach that affected its users who stored Verge currency in their wallets.
The project maintainers claimed the incident affected a Verge node set up with the help of Verge project maintainers to handle Verge transactions for Coin Pouch users.
“Users who held XVG Verge in Coin Pouch which was routed through the affected Verge Specific Node. Please note that at this time it appears that only Verge XVG wallets were affected. We have no information or customer reports to suggest that any other coins in CoinPouch were affected by this hack.” reads the announcement.
According to CoinPouch, a user reported having his Verge funds stolen on November 9. The results of the investigation conducted by the company along with the maintainers at the Verge project excluded the incident was caused by a cyber attack.
The Verge development team provided specific settings for CoinPouch’s Verge node that would improve its security, but evidently that modifications were not enough.
Even if the developers applied the changes suggested by the Verge team, a few days later some of its users reported problems with the Verge wallets.
“A few days later, we started getting additional reports from users stating their Verge wallets in Coinpouch were not working correctly. So, we contacted Justin again to investigate the issue.” continues the statement. “During that investigation, it was discovered that most Verge tokens on the Verge Specific Node had been transferred out which prompted us to immediately shut down the Verge Specific Node once we were able to confirm that it was a hack.”
CoinPouch publicly disclosed the hack and filed a complaint with law enforcement, it also hired a forensics lab to conduct further investigation.
“Users who held XVG Verge in CoinPouch which was routed through the affected Verge Specific Node. Please note that at this time it appears that only Verge XVG wallets were affected.” reads the Verge statement.”
The maintainers at the Verge project took the distance from CoinPouch, claiming the company was never listed as a recommended wallet on its website and confirmed that it was removed from the site.
To clarify situation and stop disinformation: It was 3rd party wallet @coinpouchapp that was hacked cos wasn't secured properly on their side. Not Verge blockchain. Independent forensic probe was ordered, as reported by #CoinPouch. Expect further status updates on their channels.
— vergecurrency (@vergecurrency) November 23, 2017
— vergecurrency (@vergecurrency) November 22, 2017
“This does not mean Verge was hacked nor does it mean Coinpouch was hacked. At this moment neither Coinpouch nor Justin, the founder and lead developer of Verge, are clear how the hack occurred.” said the Verge development.
“At this moment neither Coinpouch nor Justin, the founder and lead developer of Verge, are clear how the hack occurred,” said the company in a statement.
(Security Affairs – Verge, cryptocurrency)