COSS announcement
September 28th, 2018
No harm no foul.
Dear all COSS users.
For those of you that have followed us for a while, you already know that we highly regard transparency and integrity. Over the past week, there has been floating a lot of conspiracy theories regarding the total supply of COSS tokens. Some users have even gone to the lengths of a thorough investigation and they have continuously been updating us about their findings. This has worked in alignment with our own internal investigation to figure out what happened and why. Some users also went to the extreme and sent us blackmail messages and demanding payment to not reveal their findings. But we are not paying anyone to hide anything, instead, we have concluded our own investigation and therefore prepared this statement.
You all know that mistakes have been done in the past and most likely mistakes will be made in the future. After all, we are only human beings, but we have no problem admitting our mistakes. You are all free to question our skills and even our procedures, but our integrity is intact and will always be.
Our wallet system is not up to speed as you all know and we have been struggling a lot with broken nodes etc. This has also resulted in tonnes of wrong deposits (something that will be of the past once we launch our new matching engine and wallet system, by the way with ONE single deposit address for all ETH and ERC deposits.)
To understand the complexity of wrong deposits I will try to explain how time-consuming and expensive it is.
If you do a wrong deposit into a wallet that holds ETH, we simply need to access that wallet and send the tokens to the correct wallet, but when sending, for example, a COSS token to another erc20 wallet it gets more complicated. This wallet holds no ETH. This means that we need to access the wallet, load it with ETH in order to perform a transaction out of the wallet. We have had thousands upon thousands of wrong deposits with the coss token and also many transactions locked up in broken nodes. Many of you waited a very long time for your wrong deposits to be fixed and we chased our European Devs at length to get it sorted. This didn't happen and we continued to chase for a solution. Have in mind that unless these deposits were fixed these tokens could not be used anywhere although they were already counted as deposits, meaning they belong to the users. This of course resulted in the available balance on the exchange didn't match the total holding of users deposits.
Now to the point and the main reason why we had to investigate when users notified us that a function in the smart-contract was used to issue more tokens. Call it lazy, call it a misuse of access, but please don't call it theft because it wasn't. Dev basically categorized all the stuck deposits as gone and replaced them with new tokens without actually controlling that the supply didn't exceed the 200M, resulting in that Etherscan showed a total supply exceeding 200M. Unfortunately, this was done without informing and/or communicating with us here in Singapore, so we were just as surprised as you when we started to receive messages about the supply. Since then a thorough investigation has taken place. The balance has been corrected and we are now adding a function to lock the contract so nothing like this can ever happen again.
Here is a direct reply from our Dev’s:
“Since launching COSS, there have been numerous issues with wrong deposits for Ethereum tokens (ERC20 sent into ETH deposit addresses and vice-versa). In order to fix those deposits, we had to manually create transactions that moved the funds to the central wallet. For ETH that is easy since the gas is also paid in ETH. For ERC20 tokens sent into other addresses or even ETH deposit address, this is way more complicated because it needs to call multiple functions (first transfer ETH into the wallet, then call the approve function and use the transferFrom function).
This issue, combined with the normal stuck deposits (warm wallet transfers that have failed because of high gas prices), have created a huge number of deposit wallets that stored COSS tokens. These wallets are in control but token recovery is expensive and complicated. In order to match the funds, the developers decided to issue the tokens back into the warm wallet. This has absolutely no influence on the available supply (the available supply is the number of tokens in active circulation) or token price.
The team has already developed a script that moves ETH from wrong deposits into the COSS warm wallet. You can understand the magnitude by watching just a few pending transactions from different wallets (https://etherscan.io/txsPending?a=0x0d6b5a54f940bf3d52e438cab785981aaefdf40c). This was incorrectly pointed as a spam attack by users on the Telegram group. Ethereum uses nonces from the sender as a limit for performing transactions and since these transactions originate from different owners they don’t overlap.
Conclusion, the issuance of tokens:
- Didn’t affect any user balance (positive or negative).
- Didn’t affect the COSS token price since the only address that received the tokens is the COSS warm wallet address.
- It’s fully reversible by moving the tokens on the normal but more expensive way
- Didn’t affect the FSA since the COSS warm wallet address doesn’t have a revenue share identifier.”
These “quick fixes” were performed in June as already confirmed by investigations and just to end of I would like to post the daily volume of COSS tokens from June 7th onwards. Here you will see that at no point in time has there been large spikes in volume that could indicate any masses of tokens being pushed to market.
We sincerely apologize for the lack of communication regarding this, but from Singapore HQ, we also only knew about this for the past few days, and since we didn't want to issue any statements before we concluded our investigation, unfortunately, the time in between has allowed some users to wildly and aggressively spread a number of conspiracy theories about potential theft, dishonest staff etc.
Personally, I have full confidence and trust in all my staff and I sincerely hope that the above put this story to bed so we once again can get back on track fully focusing on delivering a state-of-the-art COSS 2.0
Conclusion:
This was not done the correct way.
This was not communicated as it should.
Balances have been fixed.
No losses of any kind occurred.
Measures are being taken to prevent anything like this to ever happen again.
We do apologize for any inconvenience caused to our entire community.
Kind regards
Rune Evensen
CEO and Founder of COSS.IO
