Greetings Investors,



Unfortunately, our database was compromised and an attacker has been able to use API keys in two cases now to drain large sums of money from two accounts. It is important that you immediately delete any API key(s) you have connected to Coincube. You need to do this at the exchange(s) and not at Coincube.



In both cases, the attacker placed large limit orders in the victims account at prices very close to 0 and then ate through the thinly traded orderbook so as to "buy" up the user's funds at prices far below market rate. One of the two accounts was one of my own personal trading accounts.



We do not know when the attacker last had access to the database, so it is best if you delete all keys regardless of when they were created.



We have done a security audit and the current production database is secure. You can reconnect a new key to Coincube safely now. However, as an added precaution, please use IP address whitelisting where it is available (all supported exchanges except for Bitfinex and HitBTC). This means that only trades originating from our trading engine will be honored by the exchange.



We apologize for this breach and will do all in our power to ensure that it never happens again.



Best,



Robert Allen

CEO

COINCUBE

coincube.io