Art by: Jing Jin

[Update: CCDEK CEO Ronny Boesing asked us to stress that his legal team, his company policy and local Danish law prevent him from handing over the information. Even if Boesing believed ambiorx is guilty, he would be unable to hand over the information to anyone but law enforcement. He also wanted to clarify that he never meant to imply that he thinks ambiorx isn't guilty, only that he isn't in a posistion to judge and that he feels the information he has presented is helpful.]

Exco.in believes one of their competitors may know the identity of the hacker who attacked them. The alleged hacker goes by the name "ambiorx," and Exco.in says the Danish-based exchange CCEDK knows who he is. Exco.in suffered an attack that may have resulted in the loss of up to 2,000 BTC, according to some reports.

CCEDK's founder appears to have posted conversations he had with a user who had found an exploit in Exco.in. Additionally, Exco.in has revealed that they believe DD4BC, the notorious hacking group responsible for attacks on both Bitalo and Nitrogensports.eu, was involved in the attack.

We broke both previous stories involving DD4BC last year. The attack on Bitalo caused the company to put a 100 BTC bounty on the identity of DD4BC.

According to our inside sources, DD4BC performed a DDoS attack on Exco.in. During that time, ambiorx allegedly hacked into Exco.in and pulled off the theft, according to sources. Other exchanges have also been experiencing down time recently, but it is unclear whether the attacks are related.

On the NuBits forum, a representative of Exco.in accused CCEDK of withholding information about the hacker after CCEDK CEO, Ronny Boesing, posted an email he received from a user who claimed to have found a way to exploit NuBit's pegging feature. The hacker has, according to Exco.in, moved his stolen Exco.in coins to CCEDK and Exco.in alleges that CCEDK is in possession of ambiorx's personal information. Boesing, did post emails he received from a user who claimed to be using the issue between Exco.in and NuBit's network to turn a significant profit.

We asked Boesing if he knew the hacker's identity. He replied that he has “no idea who hacked it” and has no information on the hacker outside of the messages sent to him. He feels that he is being “attacked” after sending a friendly message about possibly being of some assistance in tracking down the hacker. He says he does not think that the user hacked Exco.in but simply took advantage of the opportunity presented isn't in posistion to judge ambiorx's guilt or innocence.

With Bter and Exco.in down, CCEDK remains one of the few high liquidity exchanges that accepts Nubits. In addition to Bitcoin, the Exco.in hacker got away with NuShares and NuBits. This, Exco.in alleges, is why CCEDK has a vested interest in the thief escaping with the coins, so he can bring them to CCEDK.

Boesing vehemently denies the claim and, so far, little evidence has been presented that the user is connected to the hack in any way. The emails show that the user knew, or claimed to know, how to take advantage of NuBits at the various exchanges. It seems that something in either NuBits' or Excoin's code gave him an advantage that may be morally or even legally questionable, but doesn't specifically link him to the hack.

CCEDK may have a less malicious reason to keep the alleged hacker's identity private. Exchanges depend on their reputation, and no exchange wants to be known as the one that freezes accounts and reveals personal information, especially over evidence that they see as incomplete. He told Exco.in to have the police contact him if they want more information. No one has contacted him yet so far, he said. 

We asked CCEDK if they had any indication whether their DDoS attack was perpertrated by DD4BC. They replied that they haven't received any correspondence from him, but are checking into the IP addresses to see if they can find a match. We will update this space as necessary. CCEDK did confirm that they have been the victim of a DDoS attack and touted new protections and, as of press time, the site is back up.

According to DD4BC's previous alleged victims, the group or person ran an online version of a protection racket. DD4BC would send DDoS attacks against sites and then promise, for a fee, to show the sites how to prevent attacks in the future. He would sometimes pretend to be a disgruntled customer during outages he forced, in order to ratchet up pressure on companies. He is also infamous for taunting his victims in email conversations.

If DD4BC is responsible for this hack, it is a step up in complexity compared to previous attacks. Both Bter and Exco.in lost money directly, while DD4BC's method normally focuses on convincing companies to hand over the ransom voluntarily. This alleged tag-team with ambiorx would be far more complex than anything he is known to have pulled off in the past.

Exco.in was created by Blackwave Labs, a “more or less” cryptocurrency focused incubator. The lead developer for Exco.in, Samantha Chen, sat on the Blackwave Labs board, but is resigning her position in the wake of the hack. Exco.in was her personal pet project. She has promised to find a regular job and liquidate her assets in an attempt to pay back customers who were affected by the hack.

This situation is developing and we will have more information as it becomes available. Exco.in has posted further information about the alleged hacker and DD4BC on their main page.


Did you enjoy this article? You may also enjoy these.