Last Update: 31 July 2021

Days Since Incident
00 days

This page is dedicated to the former users of the now defunct exchange, Altilly.

About Altilly

Altilly was an unregulated crypto exchange, launched in mid-2018. It was announced in 2019 that Altilly was acquired by the Qredit team.

While being in the phase of incorporation and acquiring the needed licenses to operate an exchange, Altilly got hacked in December 2020.
Only a few months away from official company registration in Estonia.

Since the hack, a lot of funds were lost, unsaved or stolen. Only a handful of assets were saved from the hack. While Altilly was an unregulated exchange, without any official ownership by either of the 2 parties and while the ToS and Disclaimer mentions that no claims can be made in case of a hack, the team behind Qredit takes full responsibility to make sure that all former users will be recovered from their losses.

Below you will find more information about the hack, how it took place and what we will do to reimburse users affected by the hack.

Refunds Overview

Total Claimed:

$ 5 646 231

Refund Tokens Minted


View on Explorer

Refund Tokens Burned


What happened?

Below you will find the FAQ about what happened with Altilly.

What happened with Altilly?

The Altilly Exchange platform has been attacked via unauthorised access and valuable assets from users were stolen by a hacker.
The servers the Altilly Exchange utilised were provided by an independent hosting provider named Cherry Servers.

On the 23rd o December 2020, we were alerted to suspicious activities/monitoring alerts on our servers. 3 servers suspiciously rebooted around the same time. After checking the servers, we noticed some unusual activity and a new system user was created.

With the servers being constantly rebooted and unsure about what exactly happened at that time, we took the preventative action of beginning to move our servers to a new host.

Late on the 25th or early morning on the 26th of December 2020, we were being alerted to another system reboot at our original hosting provider. It was now clear that someone access to our servers. It appears that these systems were accessed at an Admin portal level using rescue mode during the server reboot. We then took an additional step by adding code to prevent anyone from accessing the servers externally and changed the rescue system.

While we were still investing the root cause, we lost access to all of our servers, this includes production web servers, the databases and exchange cryptocurrency wallets. and it appears that a request came in via the hosting client portal to delete all servers on the linked to the attacked account.

on a number occassions, we attempted to upload backups to our servers. Unfortunately, the attacker(s) had also gained access to our offsite storage account at Backblaze. This was compromised using API keys from the configuration files stored on the affected servers. The attacker(s) removed all backup files from that location.

The attacker(s) appear to have downloaded copies of the backups before destroying them.

What was the cause?

During our investigation, we came to the conclusiong that the cause was created by negligence from the hosting provider, Cherry Servers.

During the account creating at the hosting provider in 2018, we created an accouting using an email, username and password.
A second email was added to the same account.
Both emails gave access to the same user account.

The hosting provider had a system breach in 2020 and they made changes to the client hosting portal. They changed the portal which essentially seperated the emails into separate users for the same portal.
This account created a second user that was not secured by 2FA authentication. This change was made in mid 2020 without notification.

Due to this action, one of our email accounts to login in to the portal was unsecured and the account login information was potentially already obtained by the attacker(s) by the breach at the hosting provider.
The attacker(s) was/were able to gain full access to the Administrator console/panel and as well as taking control of our servers, was also able to steal high-valuable assets from the exchange cryptocurrency hot wallets.

It was unforgivable simple mistake to make and a lesson with likely repurcussions for many years to come.

The investigation is currently still ongoing.

Was there a possible way to recover the data?

Since the hack, we have tried many options and tried to communicate with the hosting provider and the backup provider the find potential solutions. Unfortunately, we were not able to recover lost assets.

What about KYC information?

Users KYC information has never been stored externally (i.e. hosting providers) and was only used temporarily during the verification process. Therefore no KYC data/ documents/ personally identifiable information was put at risk during this attack.

What about the saved assets?

The Altilly team were able to save about 90 assets during the migration, these assets are mainly bitcoin clones and cryptonote clones, that have been listed in the last 30 days, prior to the attack.

Only in the last month, Altilly began generating a surplus/profit and running at 1mln USD daily volume.
We had free listings and extremely low fees. For that reason, we were not able to create a buffer/insurance fund to cover losses in case of an attack or something similar.
Due to the attacker deleting the backups and production servers the remaining funds within the Exchange cryptocurrency wallets are effectively inaccessible/lost.

What about the hosting provider?

Unfortunately, the hosting provider does not take any responsibility regarding the hack. Read the PDF file below to read to communication between Altilly team and Cherry Servers.

Click here to read the PDF file.

What happens next?

The team understands that people will clearly be concerned, angered, upset and frustrated with this news. The team have spent three years building the platform, the community of users and the trust, just to have it taken away.

To be very very clear, the Altilly team will continue to support users/teams/coin developers through this extremely challenging time.

We know that a small number of people are already beginning to call the attack an exit scam, and suggestions of the attack being an inside job are totally untrue and unfounded.

Altilly has always prided itself on its transparency and user-friendly approach to customer service. There is absolutely nothing to be gained from Altilly destroying its reputation, user base and trust, for a short term gain.

The leadership team responsible for Altilly have always been visible and transparent and will continue to be so.

Final Word

The Team is deeply saddened and embarrassed at what has transpired. Words can not describe how the team feels and the pain and suffering this news brings to everyone.

You have our word that we will not rest until we have repaid affected users.

The leadership team would also like to apologise to the wider Altilly team, the communities, developers and projects that were listed at Altilly.

The Team will provide regular updates via the website, Altilly Telegram channel and Discord server (details provided below).

Please ensure you do not send anyone details of your transactions.

Anyone claiming to be Altilly Support is most likely a fake.

We will keep communication channels open and we will be most of the time active on Telegram and Discord.

Telegram: Click here


If you filled out the refund form for assets that were "SAVED", you have until Dec 15 to reply to the email that was sent to you.
On Dec 31 we will no longer accept any replies to emails we have sent out as the ticket system will become disabled.
All saved asset requests were sent emails several months ago.
For "NON SAVED" assets we are working on the solution now and emails should begin going out by end of November


All emails have now been sent to users who placed claims for "saved" assets provided they were not in a country sanctioned by the EU

We have refunded most of the saved coins back to the users.

For some assets, there was more claimed than what was actually in the wallet and for some assets we had more left-overs than actual claims.

the Altilly team will sell a handful of assets on markets and use these funds to cover assets that have more claims than the availability of the coins.

This method might seem un-ethical to certain teams and coin developers, but the overall amount should and will not exceed €5000 per asset.


We have received more than 80.000 claims from users regarding unsaved assets.

Unfortunately, a large majority of these claims are fake. For the unsaved assets, we will now enforce KYC within the Qredit Motion app.
All users that filled in the refund form will receive an email to register in the Qredit Motion app and perform KYC. These users will receive "ALTILLY" tokens with the ticker ALT2020. The token is created on the Qredit Blockchain. Each token is equivalent to €1. The idea is to list this token on our new exchange platform "Altfenix".
Once we start making profit on the Altfenix Exchange, we will start buying these tokens of the market until €1 and burn the tokens. This gives us and anyone monitoring our activities a clear and transparent overview of the refund process. Users with less patience will have the possibility to offer these tokens at a lower price to other people with more patience.

Upon creating your account in Qredit Motion and performing a succesful KYC, you will receive within 30 days the tokens in your account under the wallets tab and trading will start after we launch Altfenix.


With over 80.000 claims, we have noticed that after 200 days since the incident, there are still users that didn't had the possibility to make a claim.
There are also users that filled in a claim without any evidence or solid proof that they had funds on the exchange. Looking in to these claims individually requires a lot of time and manpower, that we currently don't have available.

Click here to join the Altilly Refunds channel
Special cases regarding saved assets


Several batches of MRX refunds were made and the MRX wallets are now empty. The remaining MRX refunds will be considered as a lost asset and refunded after saved assets or converted from other assets (left-overs) that are unclaimed.

GLC (updated 5-23-2021)

All GLC wallet fund were passed to Greg Mathews @MicroGuy (GLC developer) to refund to users who were able to provide proof of ownership. It has come to our attention that some users who should have gotten a refund may have been excluded. We are going to setup a meeting with Greg to find out what is going on and how to best move forward.


Q. When will non saved assets be refunded?

Non saved assets will be processed after all saved assets have been refunded and after we have the ability to replace them which could take months and in some cases even years.

Q. Why didnt I get an email about the hack?

A. The hacker deleted our database. We have no user info

Q. Why was the refund form taken down and will it be back?

The form to request a refund was online for users over 60 days. We had to close it so we could begin processing refunds. It may be reopened at our discretion after all other refunds have been completed. This includes saved and non saved assets.