Hacking attack drains $23 million from Bitrue’s hot wallets
Hackers drained various tokens worth nearly $23 million from crypto exchange Bitrue, in yet another attack highlighting weaknesses in the digital asset space.
The security breach was detected at 07:18 (UTC), when Bitrue noticed unauthorized transactions involving ETH, QNT, GALA, SHIB, HOT, and MATIC that had been transferred out of the exchange. It immediately initiated a security audit, after which it discovered large withdrawals from its hot wallets, which are online wallets used for immediate transactions.
Bitrue immediately took steps to mitigate the damage caused by the potential theft. That includes freezing all affected wallets, which held roughly 5% of the total reserves, and also suspended all cryptocurrency withdrawals until April 18. The exchange has promised to reimburse affected users in full, release the wallet address of the hacker and the final list of stolen assets soon.
In an official statement, Bitrue confirmed the hack and said that it was working with blockchain security firms, and other cryptocurrency exchanges to trace and recover the stolen assets. The exchange also promised to cover any losses with its insurance policy and reassured its users that their funds in cold wallets, which are offline wallets used for storage, were safe.
“We have identified a brief exploit in one of our hot wallets on 07:18 (UTC), 14 April 2023. We were able to address this matter quickly and prevented further exploit of funds. We take this matter seriously and are currently investigating the situation. Please note that the affected hot wallet only contained less than 5% of Bitrue’s overall funds. The rest of our wallets continue to remain secure and have not been compromised. We are conducting a thorough security review and will update you as we make progress,” the exchange said.
Arkham, a company specializing in cryptocurrency intelligence, provided additional information about the incident. Based on the data shared on its Twitter account, Arkham said the total amount that was exploited amounted to roughly $24.4 million, with the majority of the funds being in QNT, Gala (GALA), and SHIBA INU (SHIB). The malicious actor exchanged most of these tokens for 8,858 Ethereum (ETH), which are currently being held in a wallet with the address 0x181. The data also indicates that the attacker did not exchange most of their SHIB and Holo (HOT) tokens.
Bitrue is a popular Asian cryptocurrency exchange that has been in operation since 2018. The Singaporean centralized platform is a diverse platform that supports spot and futures trading, crypto loans, and high-interest yield farming and staking.