Trade.io

On October 20, 2018, at 08:40 EST, the trade.io security team detected an unauthorized transaction involving 50 million Trade Tokens (TIO), valued at approximately $7.5 million USD, from a hardware wallet designated for the platform’s liquidity pool. Launched as a cryptocurrency exchange and liquidity provider, trade.io operated from Lugano, Switzerland, and maintained a reserve of TIO tokens to support trading operations. Despite the platform’s claims of robust security, the breach exposed vulnerabilities in its cold storage practices.

The incident began when the security team observed a large outbound transfer from the wallet, followed by abnormal trading of TIO on external exchanges, including KuCoin and Bancor. Within hours, trade.io notified these exchanges, which promptly disabled TIO deposits, withdrawals, and trading to contain the breach. The swift response prevented further unauthorized transactions, and no customer accounts or funds were directly affected. Investigations confirmed that the trade.io exchange and liquidity pool remained uncompromised, with the breach isolated to a single hardware wallet purchased directly from the manufacturer.Preliminary findings ruled out a technical hack on the cold storage unit or internal theft, though the exact cause of the breach remained under investigation. Trade.io’s systems were deemed secure, and no evidence suggested broader platform vulnerabilities. To mitigate future risks, the management team announced a fork of the TIO token, creating a new ERC-20 token called Trade Token X (TIOx).

Details of the fork were slated for release shortly after the incident.The breach, while contained, raised concerns about the security of hardware wallets and the risks of centralized token reserves in cryptocurrency platforms. Estimated losses, based on TIO’s market value of roughly $0.15 per token at the time, amounted to $7.5 million, though no customer funds were lost. The incident prompted trade.io to enhance its security protocols and underscored the importance of rigorous vetting for third-party hardware and transparent incident response. The Dragon X breach serves as a reminder of the persistent risks in crypto infrastructure, reinforcing the need for decentralized safeguards and proactive exchange cooperation to protect digital assets.