Open an Account Support Video-based instructions
Most pumped (24h)
0.00003833 QKC
Most dumped (24h)
0.00196281 CSE
Max. Volume (24h)
132.41 BTC
0.000001 EXM


Monero news

Created 20.08.2019 10:37
Dear clients, as you may know from the earlier news on Livecoin and at the cryptocurrency news portals, our exchange has been impacted by the vulnerability in Monero cryptocurrency code, with the consequence that XMR coins were stolen from several Exchanges, including ours.
After that, we have been trying to obtain damages from Monero developers for a long time, with no success.
Below, we submit timeline, showing that the attack had been undertaken before the developers released an appropriate vulnerability fix. For that reason, we suspect that the attack might conducted by the said asset insiders - they could be either some of the developers, or some of the code auditors (they provided services to the Monero developers).
Besides, it is known for a fact, that the developers of Monero didn’t notify anybody about the critical vulnerability, which allow to freely change the displaying amounts in transactions. It was not a hard job for the developers to post proper warning at the official website news section (we are constantly monitoring such notifications for all projects, to avoid losses).
Besides, according to the news at cryptocurrency news portals, it became known that the developers knew about the vulnerability long before the attacks on exchanges (our exchange wasn’t the only one to suffer losses), however, they didn’t find it necessary even to notify somebody of that, or, they were guided by other reasons. The said vulnerability was revealed by the Monero developers a lot later than the attacks had happened, and wasn’t classified as critical, which is indicating either very poor approach to the safety of Monero code, or involvement of someone from the developers’ team into the attacks on the exchanges with the purpose of stealing clients' coins. Also, none of the official Monero block explorers were functioning at that very moment, which adds even more suspicions about the insiders’ actions.
All the aforesaid is purely our personal assessment and does not aim for formal legal charges.

The attack was undertaken on July, 20, 2018 and continued for a few days. Here are some of the scam transactions for example. That was how the Monero node “saw” the transactions - pay attention to the amounts - the real amounts were absolutely different, they were drastically smaller.

show_transfer 0a9bc6e8312288bf26883a38ed58dbd0a69114164e22610fd2ee9498ce8b916f
show_transfer c7605527df26ae29b464f7029535c4a05c4acf7b1d944e1f72a649f5044df6bf
show_transfer 14bcccd9411cd390ea4e02ba6473e30b68ff14dc128b9264bc2feacd77dd2478
show_transfer cb181a2843b928224e5b90cc077e31c5674cd130134d66989d7c87920646d891
show_transfer b734edcb2e2db8807b05f09aa4129a213cdeefb24455eb666ce8d8177a0ee7ec

Height: 1623790
Timestamp: 2018-07-24
Amount: 13700.000000000000
Payment ID: 1b7f9d9ca21512ba

Height: 1622157
Timestamp: 2018-07-22
Amount: 985.000000000000
Payment ID: 1b7f9d9ca21512ba

Height: 1621064
Timestamp: 2018-07-20
Amount: 150.000000000000
Payment ID: 1b7f9d9ca21512ba

Height: 1621030
Timestamp: 2018-07-20
Amount: 150.000000000000
Payment ID: 1b7f9d9ca21512ba

Height: 1621014
Timestamp: 2018-07-20
Amount: 150.000000000000
Payment ID: 1b7f9d9ca21512ba

On July 24, 2018, the new version of the node was released, but the update wasn’t critical, it was a routine, even though the vulnerability was critical. We updated the node within 2 days after the update had been released, which is a standard procedure of our operating with nodes.
After the node update, the amounts of previous incoming transactions changed - they decreased. On the same day, we tried to contact the Monero developers and disabled both the deposit and withdrawal. However, in course of our communication, the developers refused to pay damages caused by their actions, namely, the non-notification of the vulnerability in the Monero code, of which the developers were well aware long before the attacks on the exchanges, as well as the absence of news about the vulnerability in the official Monero information channels, and also the insider operations or inaction towards the critical vulnerability.

In such cases (losses caused by the actions or inaction of the developers), we proceed in accordance with our User Agreement, which is: we take all possible effort to try to get the funds’ recovery from the developers, using all the existing options and possibilities. In case of the other party refuses to cooperate, we are forced to delist such an asset, as we do quite often, because, regretfully, not all the developers understand and bear responsibility for security of their software/service/project to the clients. In case the developers refuse to pay damages, caused by their actions or inaction, our service does not provide the funds’ reimbursement, which was clearly stated in our User Agreement from the very beginning of our work, because we are unable bear more responsibility than the developers/owners of one or another cryptocurrency.

We willingly provide refund on the losses of our customers’ funds, if that happened through our fault; as you may know, we have done that a few times in the past. The Monero case is different, because we were following a standard security protocol and timely made the updates – that is why we don’t see any fault of ours for the given situation.

The said asset will be delisted on August 30 2019.
Livecoin website collects and processes personal information of visitors in accordance with the privacy policy. If you do not agree with this policy, you must leave this website.