New: Wallet recovery made easy with Ledger Recover, provided by Coincover

Get started

Thought leadership | 10/17/2018

Remembering the Mintpal Hack – October 2014 $3.500.000 Loss in Crypto Assets

Four years ago, the cryptocurrency exchange known as Mintpal was hacked for a second time. Its CEO allegedly stole the 3,894 Bitcoin that were on the exchange, totalling a $3,500,000 loss in crypto assets over the two hacks.

History of the hack

Mintpal was founded in February 2014, aiming to provide an exchange that combined high level user experience with quick support times. The plan was to add crypto assets monthly based on their popularity. Mintpal quickly grew and became quite a popular altcoin exchange.
Unfortunately, Mintpal faced a major hack on the 13th of July, causing 8,000,000 Vericoin being stolen (value $2,000,000), which was about 30% of the circulating supply at the time. The exchange had kept their Vericoin on a “hot” wallet (an online, internet-connected wallet), which is much more vulnerable.
Interestingly enough, the Bitcoin and Litecoin wallets were also targeted for the Mintpal hack. This turned out unsuccessful. The exchange had wisely decided to move these to a “cold” wallet (an offline wallet). The Ledger hardware wallets are an example of such a cold wallet.
Soon after this first hack, Mintpal was sold to a different company most commonly known as Moolah (officially: Moopay LTD). Alex Green, the CEO of Moolah, stated that it acquired Mintpay to function as the primary altcoin trading platform for his company.
It sadly did not take long till a new issue emerged. In the month of October, well over 3,700 Bitcoins went missing. Unlike the previous hack, the reason for this loss seems to come from having entrusted a malicious individual – Moolah’s CEO Alex Green is accused of having stolen almost $1,500,000 from Mintpal clients. A criminal investigation has been started last year.

What did this mean for Mintpal and Ledger clients?

For the first hack that Mintpal faced, the cryptocurrency exchange was saved by the Vericoin community who decided to fork the coin starting the block before the hack took place. This returned the Vericoins to their rightful owners and rendered the stolen ones unusable.
Unfortunately for the Mintpal clients, this was not the case for the second hack.
Those who used Mintpal for Bitcoin purposes during the second hack were left empty handed. The $1,500,000 worth in Bitcoin was never returned to them, meaning the clients have a large loss on their hands.
Mintpal clients who secured their crypto assets with a Ledger wallet have not been affected. Our hardware wallets serve as a “cold” wallet, similar to the ones that saved Mintpal’s Bitcoins and Litecoins during the first hack. This means that the access to their wallet is in their own hands, rather than being in the hands of an exchange.

What could Mintpal clients have done to prevent this?

Having a hardware wallet securing our assets, such as the Ledger Nano S, would have prevented this. The cryptocurrencies could have been moved from the exchange to the cold storage that the hardware wallet provides, meaning the key to unlocking the wallet would have been kept offline. If the allegations are true, this would have made it impossible for Moolah’s CEO to have access to these crypto assets.
While these hacks took place four years ago, it is more and more a common topic. In 2018 alone, over $833,000,000 has been stolen from cryptocurrency exchange platforms, the latest one being the exchange called Zaif in September. These clients could have prevented these losses by using one of our hardware wallets.
Start protecting your crypto assets today. Find out more about our products through the banner below.
Ledger Nano X Pre-order

Stay in touch

Announcements can be found in our blog. Press contact:
[email protected]

Subscribe to our

New coins supported, blog updates and exclusive offers directly in your inbox

Your email address will only be used to send you our newsletter, as well as updates and offers. You can unsubscribe at any time using the link included in the newsletter.

Learn more about how we manage your data and your rights.