Norway-based cryptocurrency exchange Justcoin has announced that it will be shutting down, effective today. They cite their bank’s closure of their account and the refusal of Norwegian banks to host accounts for businesses dealing with digital currencies.
In addition to an e-mail notification, Justcoin tweeted and wrote on its blog: “Justcoin is shutting down. Affected users, check your email.” Users are urged to withdraw their funds by November 11.
Several weeks ago, Global Crypto News reported that the exchange suffered a theft of 32 million XRP and 54 million stellar (STR), cleaning out its entire STR hot wallet. At the time, the stash was worth about $300k. Based on today’s exchange rates, it’s worth about $240k.
The hacker reportedly exploited the partial payments feature of the two currencies. Ripple’s Monica Long says this feature is important since “it allows the person returning the funds to send less than the amount specified. Without this feature, returning funds would be difficult, possibly requiring many attempts to guess the market rate or making many small payments.” However, users can exploit the feature by sending fictitious funds to an improperly configured gateway and withdraw while the transaction remains unconfirmed.
One reddit user commented: “I didn’t receive any email from justcoin. I’vẹ just checked my transaction history and found that an amount of my STR was sent away and the transaction type is tfPartialPayment. Does anyone know wth tfPartialPayment is ? Was i robbed ?”
ATFX Institutional Business Continues to Expand: Adding a New Prime BrokerGo to article >>
The relative proximity of the theft to the closure naturally leads one to believe that they’re related. Some, however, have downplayed such a possibility. Some have also mentioned that Justcoin noted that the “tfPartialPayment issues” are “purely coincidental”.
Justcoin insinuated that the theft resulted from a flaw in Ripple’s code. Ripple’s Long had this to say:
“Justcoin did not implement partial payments correctly. The exchange falsely credited a non-KYC’d user for a deposit, and then allowed the user to illegitimately withdraw the funds from its hot wallet.”
The events are reminiscent of the early days of the MtGox collapse, when the exchange blamed flaws in the bitcoin protocol for a supposed hack that cost the exchange hundreds of thousands of bitcoins. Bitcoin community leaders and developers slammed MtGox’s excuse, saying the flaw is well known and the exchange failed to handle it correctly with its software.
Jed McCaleb, one of Stellar’s co-creators, disabled the feature in a new code release.