- Bitrue, a cryptocurrency exchange based in Singapore, lost almost $23 million as a result of a hacker who was able to access one of its hot wallets.
- Bitrue suspends withdrawals till April 18th.
- Identifiable users who were affected by the incident will be compensated in full.
On April 14, the Singaporean cryptocurrency exchange Bitrue gave an update on its security breach, announcing that it had identified hacking on one of its hot wallets. ETH, QNT, GALA, SHIB, HOT, and MATIC were among the currencies in which the attackers could withdraw assets valued at roughly $23 million.
However, it is impressive that the company was able to deal with the situation swiftly and stop further asset exploitation. The statement read:
“We are looking into the situation carefully and taking this matter seriously.”
A hot wallet, a cryptocurrency wallet, is used to hold readily available, online-connected cryptocurrencies. But, compared to cold wallets, which are not online, these are more susceptible to cyberattacks and theft.
PeckShield, a company that provides blockchain security, said that the attacker exchanged 173,000 QNT, 22.55 billion SHIB, 46.4 million GALA, and 310,000 MATIC for about 8,540 ETH before withdrawing to this Ethereum address. At the moment, the address is mostly holding SHIB and HOT, totaling $3.2 million.
Birtrue asserted that less than 5% of its cash was in the compromised hot wallet. It assured its customers that the rest of its wallets remain secure and have not been compromised.
Mitigating the Situation
The exchange reassured users that it is undertaking an extensive security review and will keep them informed as it moves forward. In conducting additional security checks, Bitrue said:
“Bitrue will temporarily suspend all withdrawals and expect to reopen withdrawals on April 18, 2023. We seek your understanding and patience during this time.”
Additionally, the announcement said there would be total compensation for any identifiable users affected by this incident.
The company promised to uphold transparency throughout the process.
Mass hacks continue to target crypto and DeFi projects
Bitrue is the second significant exchange to have recently been the target of a cyberattack. Just last week, a similar event cost the South Korean exchange GDAC over $13 million in cryptocurrency assets. Seung-hwan Han, CEO of the platform, claimed that the hacker gained access to GDAC’s hot wallet and stole 23% of the company’s custody assets. Han said:
“All assets currently held by GDAC are fully covered and preserved,”
He further stated that the investigations are being conducted by law enforcement.
Similarly, two DeFi protocols have been the target of multi-million dollar attacks just this week. A hacker stole digital assets valued at about $11.6 million on Thursday using a flaw in a token created by the DeFi protocol Yearn Finance, according to security company PeckShield.
Additionally, crypto security company Ancilia reported in a tweet that the RouteProcess02 contract, a smart contract that gathers trade liquidity from many sources and determines the most advantageous price for exchanging coins, was breached on Sunday, causing DEX platform SushiSwap to lose more than $3.3 million.
