Sunday, December 12 at 16:00 UTC
Shane Molidor 00:00
I'll probably go through a couple of facts and then we can open up for community AMA. So quickly to recap: on December 11, yesterday at approximately 20 UTC, AscendEX identified a number of unauthorized transfers from one of our hot wallets. These were transfers across ERC 20, Polygon, Binance Smart Chain, Litecoin and Bitcoin Cash. Once these transfers were identified as unauthorized, a security response was initiated immediately. Our cold wallets were unimpacted by this incident. First and foremost, any sort of impacted user from the security instance will be reimbursed 100%. The impacted assets reflect a relatively small percentage of total assets under management as well as a small percentage of AscendEX's principal balance sheet, so we will be covering any and all impacted assets out of pocket 100%. I think our approach to this matter is four-fold. First, as I stated, we do plan to compensate all users affected 100%. Any of the unimpacted assets have been transferred to our cold wallets as we continue to investigate the matter. And as I mentioned, the impacted assets constitute a relatively small percentage of total exchange assets. The second part of our response is that we are currently collaborating with both blockchain forensic firms and law enforcement, FBI. We're working alongside these chain analytics firms and law enforcement to monitor the transferred assets that again were transferred on ERC 20, Polygon, Binance Smart Chain, Litecoin and Bitcoin Cash. We're in close contact with other centralized exchanges in order to blacklist the wallets associated with this incident to ensure that this external party that initiated the transfers cannot then transfer these assets into a centralized exchange in order to liquidate the assets. The third part of our approach is to work alongside projects that were impacted here that had assets on ERC 20, Polygon, Binance Smart Chain that were impacted by this external transfer.
We want to work with these projects to mitigate any sort of potential damage done to the communities. So contract permitting from each of these projects we have enforced or informed them to freeze transfers from the associated addresses. Smart contract and permitting, many of these projects that were impacted are then exploring the opportunity to re-issue tokens to users via fork, which is a very similar approach that was initiated by KuCoin in September of 2020 in response to their hack that occurred. And finally, the fourth part of our approach is that we're working to restore deposits and withdrawals services gradually after we ensure a safe state for all hot wallet infrastructure. This will, of course, include a thorough security review that will be conducted. Thereafter, we intend to reopen the platform and allow all users to freely transfer assets. And again, any impacted users will be compensated by AscendEX 100%. I do want to reiterate that this constituted a relatively small percentage of total assets under management that are distributed across multiple hot wallets and cold wallet infrastructure. I'm happy at this point to open up the forum. If anyone has any questions that they'd like to ask, I will do my best to respond to them in an articulate manner. I do want to reiterate that the security review and subsequent post mortem are currently underway. We are in close collaboration with law enforcement agencies including the FBI and working with blockchain forensic firms. This is an all-hands-on-deck situation. We do appreciate the understanding as the situation develops. We do want to maintain outright transparency, hence the motivation for hosting this AMA and many other subsequent updates in the days to follow. But again, happy to respond to any sort of questions that the community has at this time.
George Cao 04:28
Thanks Shane for the update. The most recent update is our dev team is currently working on redeploying the hot wallet. There's no apparent ETA for when we will resume deposits or withdrawals, but I don't think it should take more than a few days. So we will keep updating everyone and continue providing 100% of transparency. This is a crime. We are not the first victims, as many exchanges have been experiencing this crime before, and I am sure that more likely we will not be the last crime victim, so we are working closely with our players in the ecosystem, as well as cybersecurity safety companies and law enforcement and lawmakers. It's a war against cybersecurity. So I think the good thing is that all the parties involved, all our business partners are very outstanding and supportive. So with this united front, I'm sure we can work through this unfortunate incident and we will thrive on the other side of this body of work and continue to fight against cybersecurity. We at AscendEX will stand very strong to support any implementation of measures on the war against cybersecurity. Like Shane said, we are happy to answer any questions you may have.
Shane Molidor 06:02
Elizabeth (AMA Twitter Guest) 06:06
Yeah. Hello. I wanted to ask you. Well, first of all, thank you for answering all the questions of the community, and I wanted to ask how many days might, like, approximately take the withdrawal of the tokens, but I think George has already answered that. And so I did not have questions anymore. Thank you.
Shane Molidor 06:29
Of course, George had mentioned the preliminary estimate is still a moving target for redeploying hot wallet infrastructure to then allow both deposits and withdrawals. We don't anticipate this taking too long. So as George mentioned, preliminary estimates are a couple of days to deploy that functionality.
Elizabeth (AMA Twitter Guest) 06:48
Yeah, that is great. Thank you.
George Cao 06:49
Great, we'll keep providing our most recent updates with different channels, on here, on our Twitter account. I mean, even after this AMA, if you have any questions, feel free to just leave a message in channel or just write to our support and we will do our best to answer all the questions. And all teams are working around the clock to make sure our functionalities are not impacted, and we are working around the clock to make sure the withdrawals and deposits are resumed as soon and as fast as we can. Thank you very much for your support, and thank you very much for being patient with us.
Shane Molidor 07:32
I see Nico was just made speaker. Happy to respond to any questions that you have, Nico.
Nico (AMA Twitter Guest) 07:42
Yes, hello. Sorry for my accent, because I'm French actually and I don't speak English very well, but I will try to explain my case. I transferred some assets, so MATIC asset, this morning from Swisco to AscendEX, and the MATIC asset didn't reach the AscendEX platform yet. So I would like to know where my assets are now. Will I receive it later, when the platform will go online again? Will I have to be compensated by AscendEX for the asset, or reimbursed for something? Thank you for your answer.
Shane Molidor 08:25
These assets are not lost. So this would have been a reflection of us halting all deposits and withdrawals as a response to the security incident. So any sort of pending transactions, whether deposit or withdrawal, shouldn't be a concern right now. The system is working as designed, and any sort of impacted assets from the security breach would be compensated 100% by AscendEX.
Nico (AMA Twitter Guest) 08:52
Thank you very much. Thank you very much for your answer.
George Cao 08:56
Absolutely. Okay, great. Thanks again for attending the AMA. And like I said, we continue to keep 100% of transparency to all communities and thank you for your patience.
Shane Molidor 09:17
I'm going to continue to stay on number one here. I know George is going to be on and off calls. As you know, this is still very recent events. So we are working very closely with both law enforcement and forensic blockchain firms right now as the situation develops, as well as conducting our own thorough post mortem from a tech perspective. I'm going to keep this on and, you know, questions that roll in, happy to respond to those. I'm also on Telegram and on Twitter, any sort of social channel right now. No, he's DM me for full transparency here. But I'm just going to kind of leave my headphones on as questions trickle in.
George Cao 09:57
That's great, thanks Shane.
Shane Molidor 10:20
Anyone that wants to ask a question, you can just click in the bottom left hand corner of your mobile application. You can request; thereafter the AscendEX official account, the host, will grant you access to speak and then I can respond to the question. I see someone else was made speaker. I'm sorry, there's a little bit broken audio connection. I see that's next Shiantae. There are some difficulties with the audio. So I know that some new individuals have joined the AMA, so I'm going to go ahead and give another recap of our response and our approach moving forward to this, and I know our operations team is on, so you guys can just ping me separately if someone else requests to chat. And I'll respond to that question. Essentially, in response to the security incidents, we have a four-prong approach. The first is obviously to take care of our users. Our community is what's most important to us and therefore any user that is impacted by the security incident will be compensated and reimbursed 100%. As soon as withdrawals are re-enabled, any user that wishes to withdraw their assets will be able to do so. The unimpacted assets from the security incidents have been transferred to cold wallets as we continue to investigate and so as to mitigate any sort of future losses. The impacted assets, again, I want to stress, are a relatively small percentage of total exchange assets under management. The second part of our approach is to collaborate with blockchain forensic firms and law enforcement. So we are currently working alongside chain analytics firms and law enforcement, including the FBI, to monitor all of the transferred assets. We're in close contact with other centralized exchanges to, quote unquote, blacklist the wallets associated with the incident.
If you go on Ethereum explorers or Polygon explorers, or Binance Smart Chain explorers, you will see that the addresses associated with security incidents are clearly labeled associated with the incident. Centralized exchanges know not to, or know to disable any sort of accounts that are seen withdrawing, or sorry, depositing into their exchange accounts from these blacklisted wallet addresses. The third part to our approach to this matter is to work with the projects impacted to mitigate any potential damage done to their communities. So contract permitted to certain assets that do allow this, we've informed impacted projects to freeze transfers associated with these wallet addresses. If smart contract is not permitted, many of these projects are actually exploring the possibility of re-issuing tokens to users. So creating essentially a fork to nullify any sort of loss of funds associated with a security incident. This is essentially an approach that's synonymous with what KuCoin did following their hack in September of 2020. And finally, the fourth component to our approach is to work to restore deposit and withdrawal services in a timely manner. You need to first ensure a future safe state, and following a thorough security review and a post mortem associated with the incident, we will then reopen the platform for any and all users to freely transfer assets. Any impacted users, once again, will be compensated 100% by AscendEX. Anyone can feel free to request to speak at this time. I'm happy to respond to any sort of questions to the best of my ability.
Doge Fan (AMA Twitter Guest) 15:08
As you said, a quick question for you guys, and was wondering if you had any plans in the future to lower your Doge withdrawal fees?
Shane Molidor 15:18
Absolutely, that's something that we can explore. We dynamically adjust the withdrawal fees on an asset-by-asset basis. Obviously, the notional or US dollar value of those withdrawal fees can fluctuate quite dramatically when we see exciting price action for the asset, but can certainly take that as a next step once we do re-enable withdrawals from the platform.
Doge Fan (AMA Twitter Guest) 15:44
Yeah, just recently did some research. I don't know if you guys had updated to the latest version or how you guys run your platform or your exchange, but the fees for Doge itself have been dramatically lowered here recently. And enough you guys were up to date on that, just checking in to see if that was a future protocol, because as someone in the community we've been really reaching out for different exchanges to take on.
Shane Molidor 16:11
Yeah, absolutely. And very much appreciate the feedback.
Doge Fan (AMA Twitter Guest) 16:17
Awesome, thank you.
Shane Molidor 16:26
Anyone else can feel free to request to speak here and our moderators on the AscendEX official account will grant you speaking access. I see a speaker, SJZ. Happy to respond to your question. I'm sorry, I saw SJZ account, was there a question that you had? Anyone else can feel free to request to speak and our moderators will grant you access to ask that question. I'll do my best to provide transparency.
SJZ (AMA Twitter Guest) 17:36
People Oh, I'm sorry.
Shane Molidor 17:42
I'm sorry. Can you repeat that question?
SJZ (AMA Twitter Guest) 17:47
Have you ever asked Husker to other crypto currencies? You say that to support supporters? It's exited?
Shane Molidor 17:57
Yes, we've been in close contact with all other major centralized cryptocurrency exchanges to blacklist the addresses associated with the security incident. And what that means is that if they see any of their users deposit to the platform from one of the smart contract addresses identified here, that account would be immediately suspended. And the centralized exchange would then cooperate with us and law enforcement agencies in order to apprehend this individual behind the event. And this is to protect the projects that were impacted by the event. You don't want to empower any sort of third party individual to be able to liquidate the assets associated with the security incident. So we are in contact with all major centralized exchanges at this time. I see I will not Yes. Hi, can I help you out? Okay. Same. My question is, how do we know that what assets are compromised at this stage? Is it possible to know? Sure, that's a great question. So you still have access to the platform, you can log into your account, trading has not been halted. For any sort of hot wallet penetration is or what's called an omnibus wallet. Being the address associated it represents essentially a co-mingled representation of all assets. So for any user, again, that was impacted positively by this, the plan is to compensate 100%. And once we enable withdrawals from the platform, anyone that wants to transfer assets away from AscendEX can do so unimpeded.
Derek (AMA Twitter Guest) 20:17
Thank you so much.
Shane Molidor 20:19
Of course, thank you for your question. And anyone that has a question, just feel free to request to become the speaker in the bottom left corner of the mobile application. Moderators from the AscendEX official account will grant you access to speak.
Ebba (AMA Twitter Guest) 21:08
Hello, good evening everyone. Oh, unfortunate events happen. So shocking to me, to be honest, and then I hope your exchange gets to recover very fast.
Shane Molidor 21:30
I'm sorry, I didn't catch the last part of the question.
Ebba (AMA Twitter Guest) 21:33
I said this unfortunate event that just appeared on the exchange, I hope you recover very fast from it.
Shane Molidor 21:43
Yes, and I appreciate your sentiment there. I think from a user perspective, that's our number one priority, which is why any users that were impacted by the security incident will be covered and reimbursed 100% out of pocket by AscendEX. That's our commitment to our users. In terms of the other steps that we're taking to help mitigate any sort of damages done to project teams, for example, that is ongoing conversations. Many of these projects are exploring the possibility of actually re-issuing tokens to essentially nullify the security incident from ever occurring and ensure that the tokens that are now in the hands of a third party are therefore worthless. So we are taking numerous steps. In addition, we are working with law enforcement, including the FBI, as well as blockchain forensic firms in order to closely monitor the situation as it evolves.
Ebba (AMA Twitter Guest) 22:41
That's a good state. However, every user will be very happy if the exchange is back into normal in some sort of withdrawals and deposits. So when are we supposed to be getting that done?
Shane Molidor 22:52
Exactly. So very early on, George, our CEO, had mentioned in this AMA, the plan is to do that as soon as possible. Now certainly we want to make sure that we're conducting a comprehensive and thorough security audit of the infrastructure and find the root cause of this issue. Our preliminary estimates for deposits and withdrawals being re-enabled are within a couple of days. Trading has not been suspended. You can still freely conduct any other action on the platform, with the exception of deposits and withdrawals.
Ebba (AMA Twitter Guest) 23:25
Awesome awesome, I wish the exchange the best of luck in getting these bad guys.
Shane Molidor 23:30
Thank you very much. We appreciate your support. If anyone would like to have a question, in the bottom left corner of the mobile application, there is a request to speak. Our moderators from the AscendEX official account will make you speaker.
Nico (AMA Twitter Guest) 24:01
Yeah, so I don't know if someone hears me. Yeah, I just want to clarify some of the points that you explained to me before. So my money is on the way to the platform, but actually, the platform is frozen, right? And if I get it right, the money, I will receive it later, when you will unfreeze the platform. Is that right? Or is the money lost and you will compensate it with your own money? The money from your own pockets? I didn't get it right. Sorry. Could you explain to me, please?
Shane Molidor 24:35
Sure. It's a great question. So your deposit is pending. Given that AscendEX has halted any sort of deposits, your assets are not lost. Essentially what has occurred is you've initiated a transfer of an asset on associated blockchain; those assets have been received within our wallet. However, given that we've halted those deposits, the ledger or your account balance would not reflect those assets being received. But we have them; the assets are safe, and therefore keys would not be impacted by the security incident. For any other assets that are impacted by the security incident across any of our users' accounts, we will reimburse and compensate users 100%.
Nico (AMA Twitter Guest) 25:22
Okay, this time I get it. All right. Thank you very much for your answer. Of course. Have a nice evening.
Shane Molidor 25:30
Thank you very much.
CryptoFan (AMA Twitter Guest) 25:48
Two questions. What's the total they took out in the hot wallet, like, in USD terms? And also, where are the funds coming from to make customers whole again?
Shane Molidor 26:03
Sure. It's a great question. So there are a number of, I guess, moving pieces with a notional term, most notably just volatility of the assets. So the total notional would range between 70 and 80 million notional in US dollar terms. Now that's spread across roughly 94 different assets within ERC 20, Polygon, Binance Smart Chain, Litecoin, and Bitcoin Cash. The assets used to compensate users are from our principal balance sheet, as AscendEX will cover these assets. Now, as I've mentioned, in many instances, we are discussing with projects that do intend to actually reissue tokens, which would mean that the compensation would actually occur in the form of an asset fork and re-issuance and subsequent crediting back to the AscendEX wallet, and the total quantity related to the asset transfer is very similar to what KuCoin exercised in September of 2020, following their security incidents, and what that basically does is that essentially it duplicates the tokens in total circulation. You essentially have a fork of the chain that is effectively meaningless because it's associated with incidents, and any impacted users are compensated in that capacity.
CryptoFan (AMA Twitter Guest) 27:36
And in terms of like lessons learned from this. What would you guys say is one of the biggest takeaways in terms of this happening?
Shane Molidor 27:44
Sure. It's a great question. I don't want to speak too soon given that we're still in the process of conducting a very thorough security audit, which will then follow with a security postmortem, in which we identify the root cause of this. I think what's most important for us right now, which we are working round the clock to accomplish, is to maintain outright transparency with our users, and the most important thing for us is that impacted parties are compensated 100%. Your trust in us means everything. So I think that's an important lesson for us. We also want to be collaborative with other impacted parties. So I think moving quickly, maintaining transparency, those are core goals to us. We want to be and continue to be supporters of innovation and blockchain, whether that's new users that are entering the space in an investment capacity, or that's projects that are innovating. So I think this is an ongoing lesson, you know, that we are continuing to be informed upon, is the importance of maintaining transparency. I think more targeted lessons learned associated with infrastructure and security, those will come following our thorough post-mortem from a security perspective.
CryptoFan (AMA Twitter Guest) 29:10
And in terms of, like, the AscendEX token itself, were there any implications at all towards that in this time, this hack?
Shane Molidor 29:20
Well, I think you know, AscendEX, the fundamental behind the token, ASD, a lot of that has to do with your trust in us and the future performance of the platform. In terms of loss of assets of ASD, no, I think we will work tirelessly to regain and continue growing the trust of our users, therefore by extension, trust and confidence in the ASD token.
CryptoFan (AMA Twitter Guest) 29:50
If it's any consolation, I'm not selling my tokens anytime soon. I'm looking forward to you guys getting ahead of this and I look forward to buying more hope so hope this is just a lesson that we can grow from and look forward to you guys becoming one of the best in the space.
Shane Molidor 30:06
I appreciate your support. And like I think, you know, much more encouraging and, you know, perspective of confidence is that this is very much something that can be overcome. I think that we see more and more in this space following security incidences. We see community coming together and bonding to fight against a common entity. This is a crime, no mistake about it, which is why we are collaborating with law enforcement agencies, including the FBI. This is something we will recover from. As I mentioned, the total assets impacted constitute a relatively small percentage of total AUM on the platform. And these are losses that can be covered by our principal balance sheet. It is unfortunate but by no means is this something that is not insurmountable. We will persevere through this, we will continue growing and innovating the space. For anyone that's recently joined, feel free to request the speaker slot in the bottom left hand corner of the mobile application. This is quite literally an Ask Me Anything. I would do my best to maintain transparency given the facts that I have at my fingertips. Someone just got added, Subtle. Can't read the full username right now, but happy to respond to your question.
Subtle (AMA Twitter Guest) 32:06
Good morning, I'm just wondering, are withdrawals on hold temporarily for the time being?
Shane Molidor 32:14
Correct. We've temporarily suspended deposits and withdrawals. Our goal is to get that back up and running as soon as possible. And once withdrawals are re-enabled, any user that wishes to withdraw assets will be able to do so unencumbered, and any user that's impacted by this incident will be reimbursed 100% by AscendEX. The current ETA, or preliminary estimates on ETA, are a couple of days to get all operations back up and running. When we do, it will be a gradual progression, just to ensure a future safe state.
Subtle (AMA Twitter Guest) 32:52
Fantastic. Thank you very much
Shane Molidor 32:54
Of course. For any new joiners, if you would like to ask a question, you can request to speak in the bottom left hand corner of the mobile application. We also have our community managers and other members from our front office teams on the official Telegram channel. We are also responding to DMs on Twitter and email via the support on AscendEX.com. So any sort of high level questions that you have here, happy to respond to them. Alternatively, if you'd like to speak with a representative via a different social media channel, we do have individuals at screens, ready to respond in a timely manner, myself included. There are no other questions coming in. I think we might be able to wrap this up. Again, I want to restate we have representatives available on Telegram, on Twitter, email and all other social channels that are more than happy to respond to individual inquiries. And sorry, I see that Derek was just added speaker, so happy to respond to a question that you might have.
Derek (AMA Twitter Guest) 35:17
Yeah, just have a quick question. So I got the amount that got hacked now for example, I can see my staked assets in my wallet. How I got like affected through this hacking. Would I expect an email or what exactly?
Shane Molidor 35:35
Yeah, that's a great question. So support representatives will be in touch with impacted parties. This is an evolving situation. As I mentioned, we are conducting a very thorough security review. To investigate the security incident, we are working with law enforcement, including the FBI, and blockchain forensic firms here. Once deposits and withdrawals are re-enabled, with preliminary estimates being just a couple of days away, if you want to freely transfer your assets, you will not be encumbered. We will not stop you from doing that, because all impacted funds would be reimbursed 100% from AscendEX's principal balance sheet.
Derek (AMA Twitter Guest) 36:18
All right, thank you very much, of course
Shane Molidor 36:28
Unless there are other questions coming in, for the moderators from the AscendEX official account, I think that we can wrap this up. We're happy to direct any and all inquiries that individual users have about individual accounts. You can send us a direct message on Telegram or any other social media channel. You can also reach us at support at AscendEX.com and we will respond to you in a timely manner. This is an all-hands-on-deck situation. We appreciate your continued support and cooperation with us and the patience as we resolve this in a timely manner. We really want to thank the resilience of the AscendEX community. Thanks everyone.