CoinPayments: Excess XRP Withdrawals Were No Accident, but Done with Malicious Intent

The multi-cryptocurrency merchant payment processor and wallet service provider, CoinPayments has partially reimbursed its users who lost their Ripple deposits due to a bug in the application. The bug allowed platform users to withdraw excess XRP tokens than they actually owned. The flaw was discovered by few users, who exploited it to drain CoinPayments’ XRP hot wallet of 21 million XRP tokens.

The bug went unreported until the company found it on June 5, 2017, and the account balances were updated based on the amount of remaining tokens. The readjusted balance on many wallets after the incident dropped to zero, indicating the seriousness of the situation. The company explained the situation to the affected customers on June 9, 2017, through an email.

According to CoinPayments, its team detected the people/accounts that were responsible for the overdraft and asked them to return the excess tokens voluntarily. The company’s return request is said to have received a mixed response, with few people complying and then some who didn’t. As the company continues to make efforts in cooperation with law enforcement agencies and lawyers to reclaim the stolen XRP, it has also gone ahead to purchase fresh tokens from the Ripple Inc.’s OTC desk to partially compensate the affected parties.

In its previous email, CoinPayments mentioned that it is in the process of transferring funds from the corporate liquidity reserves to purchase the tokens. The email also stated that the platform would start disbursing the freshly acquired tokens from next week.

True to its words, CoinPayments has begun compensating a portion of the losses incurred by its all users. The latest email that followed Ripple deposits received by the affected users reports the company’s progress so far. It states that the stolen funds weren’t voluntarily returned by the perpetrators as expected, forcing the company to take the legal route. The company indicates that it is now convinced that most of the withdrawals weren’t made by accident but with malicious intent and CoinPayments has initiated legal action against them.

“Although contact has been made with many of the suspects, the funds have not been returned as hoped. This has made it very clear that most of the withdrawals were not done accidentally, but with malicious intent. We are now moving forward with prosecution of the perpetrators to the full extent of the law. This will set a precedent in this territory and deter future financial crimes in the space.”

So far, the platform has purchased 55% of the stolen XRP tokens, and the same has been credited to the user wallets. Rest of the lost funds will be gradually compensated by diverting 50% of the platform’s future revenues towards acquiring fresh tokens. However, the whole process may take a while and guess, the affected users have to sit tight and wait patiently.

CoinPayments has so far shown good faith, which has pacified most of the victims. It is likely that the users will be willing to wait until they receive rest of the tokens.

Ref: CoinPayments Email | Image: NewsBTC
Disclosure: The author is one of the CoinPayments user who was affected by the XRP token incident.

Source: Newsbtc