Regarding broken blockchains.

Unfortunately we have many of them by now and looks like it's systematic problem which affect coin developers. Here is all information we have about this problem.

1. How we register deposits? We scan for incoming transactions and check if it has enough confirmations (set by coin developer as secure for each coin we have). After we have enough confirmation the deposit get posted to user balance.

2. What makes us consider coin blockchain broken? We verify already posted deposits which already had enough confirmations and find them invalid (they have confirmations: -1 or confirmations: 0). We verify those transactions in block explorer and find them there infact giving us strong evidence of broken blockchain because usually for good working blockchains it is impossible to see invalidated transactions in block explorer or addresses with negative balance.

3. How it happens? Here we can only make an assumption. Possibly blockchain cracker put big hashpower on blockchain he attack and make instant fork, creating fake transactions and pushing confirmations to it visible for all network including our wallet. After he remove hashpower network recovers and shows those transactions invalid with negative balances on addresses realted to it. During the time of confirmed fraud transactions attacker sell coins on market and withdraw BTC without delay. After network recover attacker may also withdraw good coins from our wallet in normal way because he has them on his balance from fraud deposits. In result attackers account has no BTC or attacked coins on balance and in most cases making our wallet empty which stops us from ability to provide withdrawals.

4. How we can protect our customers from this type of attack? Infact we can't. As most of blockchain has small block time it is impossible to detect fraud transactions fast because they looks like exactly as non-fraud for all network including our wallet and they have real confirmations with real blocks visible to all.

5. What can we advise to our traders? Please, always make your own research before trading any coin. We never vouch for any dev or coin owner. When you trade coin - you trust not only exchange but mostly coin developer. If you unsure about developer or quality of coin - do not trade that coin.

6. What should coin developers care to protect their coins from this kind of attack? First - they do not have copy paste code which has being used for 1000 times already without revision and deep understanding how cryptowallet and blockchain works. They have to care much about blockchain security with checkpoints, private nodes, monitoring servers etc.

We have nothing to do with broken blockchain unless developer offer some solution. Usually they fix wallet vulnerabilities and make swap or move to more reliable blockchains like ethereum, nxt or bitcoin.