A Verge specific node wallets hacked, crooks stole $655,000 from CoinPouch XVG Verge wallets

CoinPouch publicly disclosed the hack of a Verge specific node wallets and the theft if $655,000 from its XVG Verge wallets.

A mystery surrounds the recent hack of CoinPouch wallet app, users lost over $655,000 worth of Verge cryptocurrency.

On Tuesday, the maintainers of the CoinPouch multi-currency wallet app  published a statement that disclosed a security breach that affected its users who stored Verge currency in their wallets.

The project maintainers claimed the incident affected a Verge node set up with the help of Verge project maintainers to handle Verge transactions for Coin Pouch users.

“Users who held XVG Verge in Coin Pouch which was routed through the affected Verge Specific Node. Please note that at this time it appears that only Verge XVG wallets were affected. We have no information or customer reports to suggest that any other coins in CoinPouch were affected by this hack.” reads the announcement.

According to CoinPouch, a user reported having his Verge funds stolen on November 9. The results of the investigation  conducted by the company along with the maintainers at the Verge project excluded the incident was caused by a cyber attack.

The Verge development team provided specific settings for CoinPouch’s Verge node that would improve its security, but evidently that modifications were not enough.

Even if the developers applied the changes suggested by the Verge team, a few days later some of its users reported problems with the Verge wallets.

“A few days later, we started getting additional reports from users stating their Verge wallets in Coinpouch were not working correctly. So, we contacted Justin again to investigate the issue.” continues the statement. “During that investigation, it was discovered that most Verge tokens on the Verge Specific Node had been transferred out which prompted us to immediately shut down the Verge Specific Node once we were able to confirm that it was a hack.”

CoinPouch publicly disclosed the hack and filed a complaint with law enforcement, it also hired a forensics lab to conduct further investigation.

“Users who held XVG Verge in CoinPouch which was routed through the affected Verge Specific Node. Please note that at this time it appears that only Verge XVG wallets were affected.” reads the Verge statement.”

  1. We have contacted the company that hosted the Verge Specific Node to request the server for forensics analysis.
  2. We have contacted a computer forensics lab to initiate forensics analysis.
  3. We have reported the incident to the proper law enforcement authorities.”

CoinPouch

The good news is that the Verge team has traced the wallet used by the hackers to hijack the funds that was containing over 126 million Verge coins.

The maintainers at the Verge project took the distance from CoinPouch, claiming the company was never listed as a recommended wallet on its website and confirmed that it was removed from the site.

“This does not mean Verge was hacked nor does it mean Coinpouch was hacked. At this moment neither Coinpouch nor Justin, the founder and lead developer of Verge, are clear how the hack occurred.” said the Verge development.

“At this moment neither Coinpouch nor Justin, the founder and lead developer of Verge, are clear how the hack occurred,” said the company in a statement.


Pierluigi Paganini

(Security Affairs – Verge, cryptocurrency)



The post A Verge specific node wallets hacked, crooks stole $655,000 from CoinPouch XVG Verge wallets appeared first on Security Affairs.



Leave a Reply