Another Crypto Exchange Hacked, This Time for $4.2 Million

  • Bitrue has been transparent about the situation, calming users that their funds will be restored.
  • $4.2 million worth of XRP and ADA were stolen, authorities have been notified and are trying to identify the perpetrator.
A hacker in front of a computer in a dark setting

Bitrue has experienced a major hack, which amounted to around $4.2 million worth of cryptocurrency being stolen from the Singapore-based crypto exchange, the company announced in an official statement on Twitter.

According to the series of tweets, the breach was detected on the 27 June at 1 A.M. local time (GMT+8). The exchange was quick to react to the threat, though, and paused all of its services, including deposits, withdrawals, trading and logging in shortly after the breach was found. Initially, the exchange announced it was experiencing a system overload, and that the services are expected to be back up in about 15-18 hours.

Several hours after the initial announcement the exchange revealed that a purported single hacker was able to exploit a “vulnerability in our Risk Control team’s 2nd review process”, and gained access to around 90 accounts, and later, using what he learned from the first breach, accessed Bitrue’s hot wallet and moved around 9.3 million XRP and 2.5 million ADA to different exchanges. The receiving exchanges, specifically Huobi, Bittrex and ChangeNOW were then notified of this activity, and were able to freeze the relevant transactions and accounts. The exchange also assured its customers that their personal funds were safe:

Despite the imperfections of their security, Bitrue deserve praise for the way they handled this unfortunate event. Through their quick actions they were able to limit the hacker’s access, and their transparency prevented the unnecessary panic and uncertainty that users of hacked exchanges often go through. They have also provided a link to the flow of the funds on the XRP block explorer, and stated that the Singaporean authorities have already been contacted, and will provide help in identifying the perpetrator. Bitrue’s statement to Hard Fork reads:

After recovering the frozen assets, the net loss will be $3.15 million USD. This total includes $1.89 million USD lost from individual user accounts, and $1.26 million USD lost from Bitrue’s own hot wallet. The funds lost by user accounts were insured and will be replaced by Bitrue as soon as the exchange resumes service.

According to the exchange’s official Telegram channel, the owners of the 90 affected accounts have already been contacted by email, and login and trading functionality is expected to be restored by the end of the day.

Discussion
Related Coverage
Unibot to Compensate Users Affected by Exploit
  • Popular Telegram bot Unibot, which is used to snipe trades on Uniswap, became a victim of a token approval exploit earlier today, when it was switching to a new router.
  • After confirming the exploit, Unibot assured users that their keys and wallets were safe, and that the project will compensate all affected users.
October 31, 2023, 3:01 PM
unlock

Shutterstock

Balancer Exploited After Giving Warning
  • DeFi protocol Balancer confirmed it was exploited almost a week after disclosing a critical vulnerability affecting several of its boosted pools.
  • The platform did its best to mitigate some of the risks but was unable to pause the affected pools, and an estimated $980,000 in DAI were stolen in an attack.
Kroll Data Breach Compromises FTX, BlockFi Customer Information
  • A cyber security incident at bankruptcy service provider Kroll has resulted in the exposure of “non-sensitive” customer data for claimants involved in the FTX and BlockFi cases.
  • Both companies confirmed that account passwords, systems, and funds remained safe, but warned customers to be on the lookout for phishing scams.