Verge and CoinPouch logos

Users lost over $655,000 worth of Verge cryptocurrency this week, but nobody knows who to blame in an incident involving the maintainers of the CoinPouch wallet app and the Verge cryptocurrency.

The whole drama started on Tuesday when maintainers of CoinPouch, a multi-currency wallet app, published a statement announcing a hack that affected CoinPouch users who stored Verge currency in their wallets.

The CoinPouch team blamed the incident on a Verge node the company set up together with Verge project maintainers to handle Verge transactions for CoinPouch users.

Problems started on November 9

CoinPouch says that on November 9, a user reported having his/hers funds stolen, an incident which they investigated together with the Verge project lead, who later concluded that "it did not look like a hack."

Nonetheless, the Verge dev recommended a set of modifications for CoinPouch's Verge node that would improve its security.

CoinPouch devs say that despite following instructions from the Verge team, days after applying these modifications, the company "started getting additional reports from users stating their Verge wallets in Coinpouch were not working correctly."

When CoinPouch asked the same Verge developer to investigate, he discovered that "most Verge tokens on the Verge Specific Node had been transferred out."

What followed was CoinPouch going public with the hack, and drawing the ire of most of its Verge users.

In a second statement following the initial hack announcement, CoinPouch said it filed a complaint with law enforcement, and requested a copy of the Verge node's underlying server from the hosting company to hand over to a forensics firm and investigate what happened.

Verge team tracks down thief's wallet

On Reddit, the Verge team said they've traced the stolen Verge funds to the thief's wallet, holding over 126 million Verge coins. CoinPouch has later intervened and contacted cryptocurrency exchange platforms and asked them to blacklist the thief's wallet, hoping to trap the funds inside.

In the meantime, the Verge cryptocurrency project has already distanced itself from CoinPouch, claiming CoinPouch was never listed as a recommended wallet on its website and even published an image depicting conversations with CoinPouch app developers to dispell any rumors of back-alley dealings.

Verge team tweet

"At this moment neither Coinpouch nor Justin, the founder and lead developer of Verge, are clear how the hack occurred," CoinPouch said in its statement. The company is currently waiting for the Thanksgiving extended weekend to pass, to continue its investigation into the hack.

Related Articles:

Make-A-Wish Website Compromised for Cryptojacking Operation

Dell Systems Hacked to Steal Customer Information

First GDPR Sanction in Germany Fines Flirty Chat Platform EUR 20,000

Infowars Store Affected by Magecart Credit Card Stealing Hack

Linux CryptoMiners Are Now Using Rootkits to Stay Hidden