One of Canada’s largest crypto exchanges was breached in an attack that compromised customers’ personal information. Coinsquare has assured clients that their funds are safe in the company’s cold wallet and has resumed services across platforms after fixing the bug.
Canadian crypto exchange Coinsquare has confirmed reports of a “data incident” that occurred on November 19th. In an email sent to the customers on Friday, the company stated that the breach may have compromised users’ personal information but assured that client funds are safe and secure in cold storage.
The attack exposed information including customer names, email addresses, residential addresses, phone numbers, dates of birth, device IDs, public wallet addresses, transaction histories, and account balances. Coinsquare, which became the first crypto trading platform to get licensed by the Investment Industry Regulatory Organization of Canada (IIROC) in October, put its platform under “an unscheduled maintenance period” and suspended all activity. The company, which provides mobile and desktop applications, resumed all services on November 25th.
Coinsquare said the breach was not further exploited by other bad actors and has advised customers to take preventive measures by changing their passwords, enable two-factor (2FA) authentication and use different credentials for different platforms. The company confirmed that no passwords were exposed in the breach. According to a status update given by the exchange, engineers are currently working to fix an issue that fails to show customers’ transaction history.
2022 has been the biggest year for crypto hackers to date. This year saw attackers grossing over $3 billion from exploiting decentralized exchanges and cross-chain bridges. Blockchain analytics firm Chainalysis named October as the biggest month in the biggest year for hackers. October saw criminals stealing $718 million worth of funds from decentralized finance (DeFi) platforms across 11 different hacks. Solana-based DeFi lending protocol Mango Markets saw $117 million worth of crypto assets stolen in an attack that involved hackers manipulating the platform’s price oracle to lend and borrow funds. This was the single largest hack in October. Hackers also exploited three cross-chain bridges to drain nearly $600 million worth of assets. The attacks have resulted in an 82% loss for the crypto markets in October and a loss of 64% for the year. With another month to go, Chainalysis expects this year to surpass the total value lost to hacks last year.
Following the attack, Coinsquare announced a partnership with on-chain analytics firm Nansen to share information about its cold storage holdings with customers. Indian crypto exchange CoinDCX also partnered with Nansen to release its proof-of-reserves on the blockchain for customers to verify. Crypto exchange OKX released its proof-of-reserves in an effort to become more transparent and trustworthy to clients by providing them with information about the company’s reserves and what backs their funds.
Since the collapse of FTX, proof-of-reserves has become an industry standard to provide customers with more information regarding the status of their funds on crypto platforms.