For the second time, the online cryptocurrency brokerage Bigg Digital Assets is reporting a security breach of its network, this time resulting in a loss from Netcoins’ operational float worth $343,000 CAD. Netcoins is a subsidiary of Bigg.
Netcoins said that on Sept. 17, its internal control systems designed to monitor crypto-asset withdrawals detected suspicious activity on Netcoins’ hot wallets. Hot wallets are ones always connected to the internet, enabling the storage, transmission and receipt of tokens. They are more vulnerable to hacks than non-connected cold wallets.
Netcoins said it took steps to remove the unauthorized user and reinforce the security of its network.
During the breach, Netcoins’ automated systems blocked attempted crypto withdrawals outside of preset, tightly controlled permitted limits, and immediately notified Netcoins staff, the company said.
An internal investigation determined that a bad actor had accessed the Netcoins network. Netcoins said it took steps to remove the unauthorized user and reinforce the security of its network. The company said the vulnerability was addressed by the Netcoins team within the hour.
No customer funds or crypto assets were compromised, Netcoins claimed, and all subsequent crypto asset withdrawals have been reviewed, verified, and performed manually for an added layer of security.
Netcoins also identified an unauthorized attempt to remove customer personal information during the incident, and Netcoins is currently working with cybersecurity experts to investigate whether data theft did occur.
Bigg bills itself on the front page of its website as “compliance first crypto,” and says, “We believe the future of crypto is a safe, compliant and regulated environment. We are the solution.”
The startup says it owns, operates, and invests in crypto businesses that support and enhance a compliant and regulated ecosystem. Its subsidiary Netcoins “makes it easy for Canadians and Americans to buy, sell, and understand cryptocurrency,” and offers that it is easy for customers to be fully verified in less than five minutes and trade a wide variety of cryptocurrencies safely and securely within the Netcoins platform.
RELATED: Netcoins user walks away with estimated $1.58 million after software vulnerability
As a precautionary measure, Netcoins said it performed a hard reset on all customer passwords, and required all users to set up new credentials to access the platform following this event. Netcoins also claimed it has updated all of its internal passwords, password-management system, tokens and keys for its network to prevent any further access.
Netcoins experienced a security breach in 2022 that allegedly allowed a customer to fraudulently withdraw an estimated $1.58 million CAD. That case has yet to be resolved.
Netcoins expanded into the United States in February. After securing regulatory approval, the company launched in five US states in December, including California, Michigan, Pennsylvania, Virginia, and Missouri. Earlier that same month the startup also launched in Colorado, Utah, Kentucky, and Kansas.
Netcoins is one of the 11 crypto-trading platforms currently registered with securities regulators in Canada. The company is also one of very few regulated Canadian crypto firms to expand into the US to date.
In regards to the current security breach, Bigg said that Netcoins continues to operate as normal with enhanced procedures in place to ensure protection of customers. Netcoins is conducting, with the assistance of third-party cybersecurity experts, a forensic investigation into the cause and scope of the incident. The company said the investigation is ongoing and law enforcement has been notified.
Image courtesy of Unsplash
The post Netcoins loses $343,000 in second security breach within 17 months first appeared on BetaKit.