At around 17:00 UTC on June 26 or 01:00 on June 27 in Singapore, where digital asset exchange Bitrue is based, a security breach occurred, which resulted in a loss of $4.5 million in crypto from the exchange's hot wallets.
Bitrue, which was founded in 2018, has quickly become a favorite with members of the XRP community because of the high degree of enthusiasm, support, and transparency shown by its management towards XRP. One interesting fact about Bitrue is that it supported XRP as a base currency on the day that its trading platform was launched (19 July 2018).
At press time (07:57 UTC on June 27), visitors to the Bitrue website are greeted with this message:
Around 02:16 UTC on June 27, Bitrue issued an official statement (via a series of tweets) that explained what exactly had happened, how this impacted its users, and what it was going to do next:
- At approximately 17:00 UTC on June 26, a hacker or group of hackers "exploited a vulnerability" in the exchange's "Risk Control team's 2nd review process" to "access the personal funds of about 90 Bitrue users."
- The hackers "used what they learned from this breach" to steal around $4.5 million in crypto—more specifically 9.3 million XRP and 2.5 million Cardano (ADA)—from the exchange's hot wallets and moved these coins to various other exchanges.
- Shortly after the security breach, this attack was detected and trading, withdrawals, and deposits were all suspended on Bitrue, and the three exchanges where the stolen funds were moved to—Huobi Global, Bittrex, and ChangeNOW—were alerted and asked to freeze "the affected funds and accounts." Bitrue has also "contacted the relevant authorities in Singapore to assist us in tracking down the culprit and retrieving the stolen funds."
- Because initially it was not quite clear what exactly had happened, the message shown above (about "system maintenance") was posted on the Bitrue website... Bitrue wishes to apologize for "this miscommunication" with its users.
- Bitrue wants to reassure its users that all "heir personal funds are insured, and anybody affected by this breach will have their funds replaced by us as soon as possible."
- Bitrue is currently "conducting an emergency inspection of the exchange and hope to be live again as soon as possible with log in & trading functionality." As for withdrawals, they will be "offline for a slightly longer period" while the investigation continues.
- The flow of stolen XRP can be tracked via the XRP Ledger tool at Bithomp: https://bithomp.com/explorer/rwSvajJ4ZNhjgzcfaJWkEuLh4VURTFHuka
In communication with CryptoGlobe, Bitrue's support team confirmed that:
- all user funds are "insured up to a maximum value of 1 million USD per user"; and
- "trading should be back up within a few hours, and at that time users who were affected will already have their lost funds back in their accounts"
Featured Image Credit: Photo via Pexels.com