Bigg Digital Assets Inc. is reporting that its subsidiary, Netcoins, experienced a security breach that allegedly allowed a customer to fraudulently withdraw an estimated $1.58 million CAD.
Bigg invests in crypto products and companies and is listed on the Canadian Securities Exchange and the German WKN exchange. It’s subsidiary Netcoins is a crypto trading platform registered as a restricted dealer in Canada with the British Columbia Securities Commission (BCSC).
The Netcoins security breach took place on April 7 after Netcoins internal control systems detected suspicious activity from a single verified user requesting abnormal withdrawals, according to a public statement from Bigg.
An internal investigation discovered that the customer allegedly found a software vulnerability that allowed them to increase their fiat currency holdings through the withdrawal of two types of cryptocurrencies.
Within three minutes, Netcoins’ automated systems intervened to prevent withdrawals, and within 15 minutes the customer’s account was frozen, according to Bigg. The startup reported the software vulnerability was fixed within an hour.
Bigg said no other customer accounts were compromised, and the coins the user withdrew came from Netcoins’ own float.
The startup said it has contacted the RCMP and that the investigation is ongoing. BetaKit reached out to the British Columbia RCMP for confirmation, but had not heard back by presstime.
Bigg’s in-house forensic investigation division is also tracking the coins.
“The bad actor who fraudulently purchased and withdrew crypto from Netcoins will be pursued to the full extent of our capability as an organization, and with the full force of the law,” said Mark Binns, Bigg’s CEO.
Binns told BetaKit this is the first breach Bigg has experienced.
The security breach at Netcoins was relatively small compared to many that cryptocurrency companies have experienced. For instance, a hacker breached the blockchain that powers the crypto game Axie Infinity in mid-March, and stole more than $600 million USD worth of cryptocurrencies from users’ accounts.
Canada has lost $154 million in cryptocurrency through three breaches and one fraud between 2011 and 2021, according to a report from Crystablockchain.com. The three breaches involved Maplechain, Flexcoin, and Just-Dice while the fraud involved the well-documented case of QuadrigaCX.
Crypto breaches aren’t just limited to cash. Hackers obtained the personal information of more than 5,000 Coinsquare users in 2019, including email addresses, phone numbers, physical addresses, for use in SIM swapping attacks. SIM swapping attacks lock users out of their phones, and allow hackers access to their accounts, including cryptocurrency wallets.
Back at Bigg, Binns said: “Our internal control systems and measures, automated and human, worked as designed, and no customers’ funds, coins or accounts were compromised or accessed. Netcoins remains fully operational for our valued customers. The actions of one bad actor will not deter us as we continue to follow our mission in creating a safe, compliant and regulated future for cryptocurrency.”