en
Back to the list

Bitrue crypto exchange hacked, loses $23 million due to hot wallet exploit – Cryptopolitan

source-logo  cryptopolitan.com 14 April 2023 11:05, UTC

The crypto bull market has returned, as have crypto hacks. Bitrue, a popular cryptocurrency exchange, was the victim of a cyber attack that resulted in a $23 million loss. The hack was carried out using an exploit that targeted the exchange’s hot wallet, which is connected to the internet and used for instant transactions.

The incident has once again highlighted the vulnerabilities and risks associated with cryptocurrency hot wallets. Upon discovering the breach, Bitrue immediately halted all trading and withdrawals to contain the situation.

Bitrue falls casualty to the latest DeFi hacks

Bitrue announced on April 14 that it had to temporarily suspend all withdrawals due to a “brief exploit” of its hot wallet. After conducting additional security checks, the company expects to reopen withdrawals on April 18, 2023. While reporting the happenings on their blog, the exchange stated:

We have identified a brief exploit in one of our hot wallets on 07:18 (UTC), 14 April 2023. We were able to address this matter quickly and prevented the further exploit of funds. We take this matter seriously and are currently investigating the situation.

Bitrue Team

Bitrue emphasized that it was able to address the issue expeditiously, allowing the platform to prevent further losses of capital. The exchange added that less than 5% of the exchange’s total funds were stored in the affected hot wallet.

1/4: We have identified a brief exploit in one of our hot wallets on 07:18 (UTC), 14 April 2023. We were able to address this matter quickly and prevented the further exploit of funds. We take this matter seriously and are currently investigating the situation. pic.twitter.com/QioPHSB2DM

— Bitrue (@BitrueOfficial) April 14, 2023

The exchange has temporarily suspended all withdrawals. It anticipates restarting withdrawals on April 18. In addition, the exchange stated that all identified users affected by the incident would receive full compensation.

To conduct additional security checks, Bitrue will temporarily suspend all withdrawals and expect to reopen withdrawals on 18 April 2023. We seek your understanding and patience during this time. All identified users who are affected by this incident will be compensated in full. We are committed to maintaining transparency throughout this process and thank you for your continued support.

Bitrue Team

According to CoinGecko data, Bitrue trades an average of over $1 billion per day, with bitcoin and ether among the most-traded token pairs. In addition, the Bitrue coin has declined marginally over the past 24 hours.

According to the announcement, the affected currencies on the exploited hot wallet included Ether, Shiba Inu, Quant (QNT), GALA, Holo (HOT), and Polygon.

Bitrue’s wallet operation strategy

To manage user funds, centralized cryptocurrency exchanges typically employ a mix of cold and hot wallets. Cold wallets are offline storage solutions. These wallets provide greater security against cyber attacks. Hot wallets that are connected to the internet allow for faster deposits and withdrawals, but they are more vulnerable to hacks.

Apparently Bitrue got hacked and they are unresponsive.

All 140k hacked $QNT already got sold by hacker, the price handled it well. Sorry for those that lost their coins😢$WTK fam, get your tokens of Bitrue ASAP!!! Or any exchange for that matter. Not worth it the risk. https://t.co/2AUvrp4okk

— San ⭕ (@SanNL11) April 14, 2023

The Bitrue incident is the second major attack in recent days to target centralized exchanges. In a similar incident earlier this week, the South Korean exchange GDAC lost nearly $13 million in crypto assets. These hacks beg the question, can crypto wallets be both accessible and hacker-proof?

Is there a solution to crypto hacks?

The recent wave of hacks, bankruptcies, and lost seed phrases has spawned a slew of crypto wallet applications designed to store private keys associated with cryptocurrencies securely. Many users are embracing the self-custody mantra, taking security into their own hands with a permissionless wallet security infrastructure, as they seek to maintain full control and ownership of their digital assets.

Hackers are constantly looking for new ways to exploit flaws in security wallet software. Worryingly, hackers can “track and trace” quorum members from the multi-sig wallet, giving them visibility into which users are signing for the multi-sig (typically using their own hot wallets).

Implementing stringent security measures and increasing on-chain transparency is essential to protect digital assets, prevent fraudulent activities, and restore confidence in the industry. The losses caused by these scandals have affected both large and small financial institutions, startups, and individual investors.

As cryptography develops, a secure multiparty computation may emerge to grant everyone access to institutional-grade custody.

As the investigation into the Bitrue hack continues, the incident underscores the need for increased vigilance and security measures to safeguard the rapidly growing crypto ecosystem against cyber threats. Crypto exchanges must remain proactive in mitigating risks and protecting their users’ assets to maintain trust and confidence in the industry.

cryptopolitan.com