$5M stolen from ‘world’s most secure exchange’ ZB—was it a hack or an exit scam?

At a time when several digital currency heavyweights have collapsed, yet another exchange has joined the list of exchanges that have lost millions of dollars. This time, it’s ZB.com, the self-proclaimed “world’s most secure exchange,” which lost close to $5 million in what some say could be an exit scam by insiders.

It all started on August 2, when the exchange announced that it was suspending withdrawals and deposits for temporary maintenance.

https://twitter.com/ZBexchange/status/1554383101517877250

In an accompanying statement, the exchange blamed “the sudden failure of some core applications” for the suspension of its services. 

A day later, it was revealed that just over $4.8 million had been swiped from the exchange. 

The total funds being transferred out from @ZBexchange are ~$4.8M and here is the detailed breakdown of tokens: https://t.co/uMpkvxtOAo pic.twitter.com/xo373Zyge1

— PeckShield Inc. (@peckshield) August 3, 2022

Cybersecurity firm Peckshield revealed that over 20 digital currency tokens had been transferred from the exchange’s hot wallet to an address believed to belong to hackers. This address has since then liquidated all but five of the tokens at press time. The remaining stash, which comprises of DAWN and Bitfinex exchange’s UNUS SED LEO tokens, are worth just over $1 million.

From the first wallet, the hacker then moved the funds to another wallet from which he sold them for 2,224 ETH, worth $3.6 million.

ZB.com hasn’t responded to media requests at press time. The exchange, which was founded in 2013 as CHBTC.com and launched in China, describes itself as the world’s most secure exchange.

While some security experts have determined that the $5 million transfer will likely be down to a hack, not everyone is as convinced, with some viewing it as an exit scam.

https://twitter.com/CryptoWhale/status/1554898851856793603

The incident comes at a time when over 8,000 Solana wallets have been hit by a hack that has drained over $4.5 million in SOL, USDC, and other Solana-based tokens. Solana claims that the incident wasn’t due to a bug in its core code “but in software used by several software wallets popular among users of the network.”

When asked what developers can do to resolve the latest in a long list of mishaps for his project, founder and Solana Labs CEO Anatoly Yakovenko shifted the blame to Google and Apple.

Fucking @apple and @google can give us secure signing and recovery in the device. f’ing hell

— toly 🇺🇸 | compressed (@aeyakovenko) August 3, 2022

Watch: The BSV Global Blockchain Convention presentation, Sentinel Node: Blockchain Tools to Improve Cybersecurity

https://www.youtube.com/watch?v=gB1f_2cCF64