Did a Canadian Crypto Exchange Steal All Its User Funds?

Canada just renegotiated NAFTA, legalized marijuana, and is now the scene of crypto’s most recent exit scam

A small crypto exchange in Canada is crying “hack”, but it appears they pulled off an exit scam disappearing with ~$6 million worth of bitcoin.

An exit scam is when an exchange builds up a reserve of users crypto, and then claims the funds were stolen, when in reality the founders have taken control of the coins.

Details

On October 28th, MapleChange’s markets were manipulated with users coins being forced converted into BTC. The exchange’s official twitter account then released the following tweets:

In a since deleted tweet, MapleChange preposterously claimed that due to the hack, the exchange will be closing down, not paying anyone back and closing down its social media accounts.

“Because we have no more funds to pay anyone back, the exchange has to close down unfortunately. This includes all of our social media.”

Further Lies

MapleChange has reactivated its twitter account in an effort to defend itself and claim some of the smaller alt-coins have been returned to developers leading those projects. Although this claim has been refuted, as one of the alts they supposedly returned tweeted this:

Who is behind this?

While the Edmonton-based exchange has no public team on their website, the good folks on the internet decided to investigate, and managed to track down the founders. The two brothers, Glad and Flavius Poenaru, have scrubbed their Linkedin and social media pages, but a few links remain.

A twitter account that goes by the name @maplechang’ed in ode to the infamous Bitfinex/Tether sleuth Bitfinex’ed, has been leading the charge in exposing MapleChange as an exit scam. If you’re interested or were personally affected by the hack, check their account for updates.

Small crypto exchanges are 100% focused on maximizing profitability over security, as they often face no regulatory oversight. In contrast to this, Japanese exchanges Zaif and Coincheck both worked with local authorities after they were hacked to help recover stolen funds.

How To Protect Yourself

Current evidence indicates that MapleChange was a scam, but even if this is just a poorly communicated hack, similar lessons apply:

Avoid low volume exchanges

• Exchanges with higher daily trading volume have historically been more likely to be able to pay back their users following a hack.

Avoid exchanges with a history hacks

• Exchanges who have been hacked in the past are more likely to suffer another hack.

Use exchanges that do KYC

• Exchanges that perform KYC on their users are less likely to be shutdown or have their assets frozen by regulators.

When possible insure your assets on exchange

• CDx protocol, which launches next year, will allow users to trade insurance on exchanges protecting users from hacks and exits scams.