Bitrue Exchange Suffers $23M Loss in Hot Wallet Attack.

Overview:

Bitrue, a leading cryptocurrency exchange located in Singapore, has reported that cybercriminals successfully stole a substantial sum of $23 million from one of their hot wallets. The exchange took to Twitter 14 April 2023 to inform their customers of the attack, which has caused concern and alarm within the cryptocurrency community. Despite the severity of the incident, Bitrue has yet to release any specific details about the method used by the attackers to breach their system. As the investigation unfolds, many are left wondering what steps the exchange will take to mitigate the damage caused by this cyber heist.

Twitter Announcement by Bitrue

Here is the message that was published on Twitter by Bitrue, the Singapore-based cryptocurrency exchange:

We have identified a brief exploit in one of our hot wallets on 07:18 (UTC), 14 April 2023. We were able to address this matter quickly and prevented the further exploit of funds. We take this matter seriously and are currently investigating the situation.

About this exploit:

According to the available information, the attackers were successful in withdrawing approximately $23 million USD in several cryptocurrencies, including Ethereum (ETH), Quant (QNT), Gala (GALA), Shiba Inu (SHIB), Holo (HOT), and Polygon (MATIC). It is not yet clear how the attackers were able to gain access to the funds or how they managed to withdraw such a substantial amount of cryptocurrencies without being detected. The exchange is currently conducting a thorough investigation into the matter to determine the full extent of the attack and to implement measures to prevent similar incidents from happening in the future.

The wallet held fewer than 5% of the total reserves.

The exchange has provided an assurance that the compromised hot wallet contained a fraction of the total reserves, specifically less than 5%. Moreover, the exchange has confirmed that none of the other wallets were subjected to the attack and remained safe and secure.

A security measure taken by Bitrue.

Bitrue has announced a temporary suspension of all withdrawals to perform additional security checks and expects to resume withdrawal services on April 18th, 2023.

Bitrue commitment

Bitrue has pledged a commitment to their user base or customer community :
https://support.bitrue.com/hc/en-001/articles/17538384324121

The daily trading volume of Bitrue is more than $1 billion.

Bitrue is a platform that specializes in facilitating the buying, selling, and trading of cryptocurrencies such as Bitcoin and Ethereum, as well as other digital assets. Established in 2018, it has since become a major player in the cryptocurrency exchange market, boasting a daily trading volume that exceeds $1 billion, as reported by CoinGecko and cited by CoinDesk.

Given their popularity and market capitalization, it is no surprise that Bitcoin and Ethereum are among the most frequently traded token pairs on the platform. Bitrue’s ability to accommodate these and other cryptocurrencies makes it an attractive option for traders and investors seeking to enter or expand their exposure to the digital asset market.

One more exploit carried out on the Bitrue platform

This is not Bitrue’s first experience with a hacker. The Singapore-based platform was hacked in June 2019 for $4 million worth of XRP and ADA tokens.

To gain access to customer accounts at that time, the hackers exploited a loophole in the platform’s internal review process. After freezing the accounts affected by the hacking, Bitrue informed its customers that they would be fully reimbursed.

The security vulnerabilities of Bitrue thus make hackers happy who do not hesitate to take advantage of them to siphon funds from the platform. If it were to suffer another attack, it is certain that it would lose the trust of its users. Even by reimbursing the funds that were stolen, Bitrue would struggle to restore its reputation as a secure platform.

However, it should be noted that Bitrue is not the only crypto exchange platform to experience security issues that are easily exploitable by hackers. Indeed, several platforms have already fallen victim to hacking in the past. This is the case with Gdac, SuswiSwap, Euler Labs, Hedera, BlockTower Capital, and so on.

Third significant security breach reported in April

Earlier this month, an Ethereum Mainnet validator attacked a major MEV (maximal extractable value) bot, leading to a loss by the network of almost $20 million. Some of the funds have been recovered.

This was not the only other attack in April. DeFi exchange SushiSwap suffered a $3.3 million exploit last weekend. The attackertargeted a weaknessin the ‘RouterProcessor2’ contract, which users deploy to route trades on the exchange.

SushiSwap eventually recovered ether worth $186,000 that had been drained by a hacker from the wallet of a popular trader in Crypto Twitter circles and a Sushi user.

Conclusion:

The recent security breach experienced by Bitrue serves as a reminder of the vulnerabilities faced by cryptocurrency exchange platforms. The incident has caused concern and alarm within the cryptocurrency community, and Bitrue has yet to release any specific details about the method used by the attackers to breach their system. However, the exchange has pledged to conduct a thorough investigation into the matter and has taken the necessary measures to prevent similar incidents from happening in the future. Despite the setback, Bitrue remains a major player in the cryptocurrency exchange market, with a daily trading volume exceeding $1 billion, and it remains to be seen how this incident will affect the platform’s reputation in the long run.