Here’s How MapleChange’s Hack Announcement Resembles an Exit Scam

MapleChange, a small Canadian cryptocurrency exchange, shut down yesterday. Its Discord and Telegram channels went dark, and its website reverted to a GoDaddy domain sales page.

The shutdown happened, according to MapleChange’s Twitter, due to a hack that left the exchange without enough funds available to reimburse people for their stolen coins. The first message announcing the hack appeared on Twitter at 9:13 a.m. on Sunday.

Shortly after, MapleChange issued a follow-up stating that “until the investigation [into the hack] is over, we cannot refund anything.”

When asked why a hack would cause the exchange to also shut down their Discord and Telegram channels, MapleChange barely provided an explanation, only repeating that the exchange had “no more funds.” Why this would necessitate any kind of social media shutdown, especially with an investigation underway and MapleChange presumably needing to update their customers, isn’t immediately apparent.

MapleChange was quick to let its roughly 8,000-member user-base know that it has “not disappeared” and set up a new Discord where people could post how much crypto they’re missing post-“hack.” (When I tried to join, I got a message saying the invite was invalid, but that could be because I don’t have permission to join as someone not registered with MapleChange. MapleChange did not respond to BREAKER’s requests for comment.) However, the exchange also made sure to let users know it “cannot refund everyone all their funds,” particularly bitcoin and Litecoin holdings. As of the supposed hack, MapleChange was holding more than 919 bitcoin, worth at least $5.7 million.

All this left people crying, “exit scam.”

What is an exit scam?

Generally, an exit scam happens when a business accepts money for a product it doesn’t have. People will keep buying from a company, and by the time they realize they’ve given their money away and gotten nothing in return, that company has already slunk away into the night, never to return.

In crypto, exit scams usually pertain to ICOs. A new ICO will pop up, raise money from investors, and then disappear without ever putting out a product. Shitcoins investors purchased from the ICO have zero value (negative value, really, for the buyers), and those behind the company walk away with the cash—sometimes seven figures worth.

Really, seven figures?

Yes. In August, the China-based Shenzhen Puyin Blockchain Group orchestrated the largest exit scam to date. Through three different ICOs—ACChain, Puyin Coin, and BioLifeChain—the company bailed with the equivalent of $60 million. According to Diar, the Chinese State Market Regulatory Administration is now on the blockchain group’s trail, but there’s no word yet on whether anyone can get back their part of the multi-millions.

Other exit scams noted in Diar’s research include Cryptokami taking $12 million worth of investors’ money in June 2018 (a member of Bitcointalk posted a warning on June 21), Elektra Coin pocketing $2.5 million in November 2017, and BlockBroker vanishing with $3 million of its investors’ money this past summer. Ironically, BlockBroker’s “mission” as a company was to eradicate ICO scams.

But MapleChange isn’t an ICO, it’s an exchange. Can it still perpetrate an exit scam?

There’s some major precedent. After the infamous bitcoin exchange Mt. Gox lost about 850,000 of its users’ bitcoin, apparently due to a hack, it shut down its service in February 2014. Sounds not unlike what’s going on today with MapleChange, but at a much larger scale. Mt. Gox’s loss was worth about $500 million at the time, while MapleChange’s is worth about $6 million.

Mt. Gox CEO Mark Karpeles went on to miraculously find 200,000 of the missing Mt. Gox bitcoin. He has since spent time in prison for embezzlement and is currently out on bail, awaiting another trial related to the Mt. Gox fiasco. Last July, U.S. prosecutors charged another man, Russian software engineer Alexander Vinnik, for laundering 530,000 from Mt. Gox. People still debate whether they think Karpeles is a thief or an incompetent CEO whose company got beyond his control.

Mostly, it’s exchanges much smaller than Mt. Gox that lose customers’ coins. Fortune cited at least 36 cryptocurrency exchanges getting hacked and shutting down since 2011, losing more than 980,000 bitcoin total. The operator of the cryptocurrency exchange Moolah, Ryan Kennedy, went to court last year for fraud after losing more than $1 million worth of his customers’ bitcoin, and researchers Brave New Coin posted a long list of now defunct exchanges in 2015 (36 in total, perhaps the number to which Fortune was referring).

How can you avoid exit scams and/or losing your money via cryptocurrency exchanges?

Briefly: Don’t invest in ICOs you know little about and don’t put your cryptocurrency in small exchanges. At the very least, if you trade via those exchanges, immediately put your holdings into your personal wallet after making transactions.

As of writing, MapleChange has been steadily issuing statements via Twitter announcing which altcoins have been returned to users. It’s not looking any better for those bitcoin and Litecoin holders, but it will take deeper investigation into the hack to see whether this is an exit scam or just another poorly managed exchange.