Christmas Xaurum Hack Report

Order is restored. The hack was unhacked.



Results of our hack analysis can be found here: https://docs.google.com/spreadsheets/d/1GuSK4DwahHVxJVuZBwno2tnwJ-X6YIDxHCF3Fp7A998/edit?usp=sharing

Nearly all of the stolen funds have been retreived and the funds on exchanges (Bittrex and C-CEX) are frozen.
Some of the funds were dumped before our actions, and the users will be compensated.


- 18.58 M XAUR stolen (approximate value 1.4 M $).

- The attacker sent 17.58 M XAUR to his addresses at 2:28 CET
on:

0x0eb8fb894a58e67a238d8065e6f8d70690f5a290            999999.5 XAUR

0x3dba2e569559a5f1cc5a21f3106ec46f3640e301           8597998.5 XAUR

0x78134661e27962d6f84e5e2dcdd356acb462b0d1          7499999.5 XAUR

0xa6c20f2f035b402bd2700901e23970df3ce607b7             499999.5 XAUR

verify on https://etherscan.io/token/xaurum

- 499,999.50 XAUR sent to Bittrex at  03:49 CET

- 499,999.50 XAUR sent to C-CEX at 09:56 CET

- Markets closed at 10.30 CET

- The blockchain was stopped at 10.40 CET https://etherscan.io/tx/0x63ed1f857d1293115f0c4cae3fea401341052e77601e027d480c4d834d879488

- Finding a solution 11:00 - 14:00 CET

- Theft analysis 15:00 - 16:00 CET

- Solution testing 14:00 - 17:00 CET

- Waiting on opportune moment 17:00 - 00:30 CET

- 17.58 M XAUR was retreived by Xaurum Team at 00:37 CET





The remainder of the stolen funds are frozen on the attacker's account on exchanges.

We have contacted the authorities and will provide them with our gathered data.

Markets will reopen as soon as we can arrange that the funds on C-CEX will remain frozen.

The balances on the chain have been restored to their legitimate order and users will be able to transact as soon as the markets start.


The attacker tried to extort us on email with the email tgarfield@bk.ru and via pm on bitcointalk as the user MarkedlySuperior.

We'd like to thank Bittrex, C-CEX, Livecoin on their amazing support on a holiday.

Merry Christmas,
Xaurum Team