© 2022 CyberNews - Latest tech news,
product reviews, and analyses.

If you purchase via links on our site, we may receive affiliate commissions.

How 7k DOGE ended up in limbo for almost two weeks


An accidental transfer of over 7,000 Dogecoins (DOGE) proved to be a major headache both for the sender and receiver of the popular cryptocurrency.

A Twitter user @CalisCihan (Salty_Word_624) spends, as he told me, most of his time scam hunting. From time to time, he receives tips from followers who enjoy this scam buster.

On 18 June, @CalisCihan received a tip of over 7,000 Dogecoins (worth over $370 at the time) and shared it on Twitter.

“So who did just tip me 7k Dogecoin on my Core-Wallet? Whoever it was, thank you a lot,” he wrote.

Only this wasn’t a tip. Approximately half an hour later, a user showed up claiming he sent the funds accidentally and wanted them back. @CalisCihan said he would return the money. Only it turned out not to be an easy task.

If you’ve found a couple of hundred dollars and announced it on social media, of course, someone would knock on your door, claiming it’s theirs. Only how are you supposed to know they are telling the truth?

Willing to give the money back, @CalisCihan started his own investigation to verify whether the alleged sender of the Dogecoins was telling the truth.

It turned out that the funds were transferred from a Crypto.com wallet. But the accidental tipper asked to return the money to a different address.

However, there was no way for @CalisCihan to verify that those two wallet addresses – the one that funds were sent from and the one that the sender was asking to return the coins to – belong to the same person.

So he didn’t do what he was asked. Instead, he entangled himself in almost a two-week-long confusion trying to figure out how to find out whether the accidental tipper was telling the truth.

Confusion over different wallets

So there are three crypto wallet addresses in this story, and two of them belong to the sender of the funds. Why did he send a different wallet address for a refund? Here’s where the story gets complicated.

As mentioned above, the accidental tip was sent from a Crypto.com wallet. Revering the transaction wasn’t possible as the funds were sent from a so-called hot wallet.

According to Crypto.com, in hot wallets, private keys are stored and encrypted on the app itself, which is kept online. Using a hot wallet can be risky because computer networks have hidden vulnerabilities that can be targeted by hackers or malware programs to break into the system.

Meanwhile, cold wallets are entirely offline – not as convenient as hot wallets, but far more secure.

Crypto.com says 100% of user cryptocurrencies are held offline in cold storage, while all funds held in hot wallets are corporate funds.

So, to return the money, the receiver had to send them to the deposit address (cold wallet.) Otherwise, they would have ended up in limbo with no chance of finding their way back as this particular hot wallet doesn’t even belong to the user.

Grouping transactions for cost efficiency

According to the blockchain forensics team and Ciphertrace, if you send your funds from your account at a cryptocurrency exchange, your deposit address at the exchange will rarely be the same address that is used to conduct outgoing transactions. Cryptocurrency exchanges typically group outgoing transactions to maximize cost efficiency.

“What you are likely seeing is an address associated with one of the exchange’s hot wallets. While funds may appear to be sent and received to your account at an exchange, these systems are typically all internal and do not reflect actual movement on the blockchain,” Ciphertrace explained.

“Instead, exchanges commonly move transactions in and out of their hot wallets to best fulfill customer transactions, grouping orders together to minimize the number of outgoing transactions while maximizing cost efficiency in an attempt to keep fees low for users.”

Case took almost two weeks to get resolved

Let's get back to the accidental transfer story. So, there was no way for @CalisCihan himself to verify whether the person claiming to have accidentally sent the money was actually being genuine. All left to do was to contact Crypto.com support so that they could check the matter internally.

The sender, according to @CalisCihan, also was in touch with the exchange. Finally, 11 days after the incidental transfer, Crypto.com confirmed that "the person in question was indeed their user and the original sender of the transaction."

"To address your concerns regarding the difference between the sending address and the deposit address you were provided by the sender, I can assure you that this is a normal occurrence as the sender address is always our Crypto.com hot wallet address. Our Crypto.com user has provided you with their personal deposit wallet address, and I can confirm that this is the correct address they can receive their tokens back to, and you are welcome to initiate the transfer at your convenience," Crypto.com representative informed @CalisCihan.

It took almost two weeks to resolve the issue because, as @CalisCihan told Cybernews, it was hard to get through customer support at the beginning.

Cybernews has also been in touch with the Crypto.com team, and here's the statement they shared with us.

"This issue has now been resolved with the help of Crypto.com's customer service team, and the coin transaction in question was successfully returned to the original sender."

Dogecoins were returned to the sender on 29 June, then worth over $480.


More from Cybernews:

Anonymous hits Russia over Killnet's attacks on Lithuania and Norway

Ukraine says Russia coordinated cyber and missile attacks

Data on 1 billion Chinese citizens may have leaked from the Shanghai police

NFTs may one day rival trad art – as a vehicle for money laundering

IT recruiter accused of discrimination against asylees, refugees, and US citizens

A HackerOne employee submitted stolen vulnerability reports

Subscribe to our newsletter



Leave a Reply

Your email address will not be published. Required fields are marked