What is CoinCube?
Coincube.io is a free Index-based crypto investing platform.
They have proprietary software that automatically tracks and trades crypto-currencies like index funds on the stock market.
Basically, you pick the coins you want to hold in your portfolio and CoinCube's software automatically trades in real-time 24/7 using your private API keys from your exchange(s).
Example: Say you have 4 different coins in your portfolio... 1 of those coins goes up 100% ... The software will sell a portion of your profits to buy the other 3 coins in your portfolio to maintain a balanced portfolio across the board. -
sounds sweet right? But wait...
API keys compromised. Action required immediately
According to an email sent out to users, the platform was hacked. Anyone using the platform is being told that all API keys are potentially compromised.
Here is a copy of an email recently sent out by COINCUBE.IO
Link to email here
After reading that email there are some things that I find EXTREMELY ALARMING:
"the attacker placed large limit orders in the victims account at prices very close to 0 and then ate through the thinly traded orderbook so as to "buy" up the user's funds at prices far below market rate." (Even if API keys where compromised how did software not detect such obvious abnormality?)
"One of the two accounts was one of my own personal trading accounts." (So Robert Allen the Ceo of CoinCube can't protect his own money BUT wants us to trust his company with our funds? REALLY?)
"We do not know when the attacker last had access to the database, so it is best if you delete all keys regardless of when they were created. ( How do we know the "attacker" isn't STILL in there database? This type of language to me, seems as a way to come back later and steal more funds from anyone who did not delete or reset keys imo)
How To Make Sure Your API keys are ok
Go to the exchange(s) not CoinCube and delete any API key(s) you have connected to Coincube. Again you need to do this at the exchange(s) and not at Coincube.
Once you do that you are safe. (go do that after you like this post)
With so many unregulated platforms/ sites in the crypto space its extremely important that we don't invest anything that we are not willing to lose.
This could be a lone incident and maybe coincube.io tightens up security and they never have any more issues.
Or it could be a sign of things to come. I'll let you decide what to do with your own money but please be safe out there.
If you found this post useful and would like more info like this in the future, please follow me and Up Vote this post. Thanks