Another day, and another cryptocurrency exchange hack. Attackers have thieved $4.2 million worth of cryptocurrency from exchange Bitrue.
Earlier today, the exchange announced on Twitter (spotted by ZDNet) that it was subject to a hack in which bad actors made off with 9.3 million Ripple ($4 million) and 2.5 million Cardano ($233,000) coins. At the time of writing, the amounted totals to a little over $4.2 million.
The hacker used what they learned from this breach to then access the Bitrue hot wallet and move 9.3 million XRP and 2.5 million ADA to different exchanges.
— Bitrue (@BitrueOfficial) June 27, 2019
Half of the stolen funds have been transfered to private wallets, while the other half was moved to five exchanges – Huobi, Bittrex, ChangeNOW, Exmo.me, and Coinswitch.co. Huobi, Bittrex, and ChangeNOW have frozen $1.35 million worth of the funds, Bitrue told Hard Fork in a statement. Bitrue expects to recover the $1.35 million currently frozen on exchanges.
The 💜 of EU tech
The latest rumblings from the EU tech scene, a story from our wise ol' founder Boris, and some questionable AI art. It's free, every week, in your inbox. Sign up now!
“After recovering the frozen assets, the net loss will be $3.15 million USD. This total includes $1.89 million USD lost from individual user accounts, and $1.26 million USD lost from Bitrue’s own hot wallet,” the statement reads. “The funds lost by user accounts were insured and will be replaced by Bitrue as soon as the exchange resumes service.”
According to Bitrue’s statement, the hacker exploited a part of one of the company’s internal review processes to gain access to a hot wallet. The funds of around 90 users have been affected, but Bitrue remains adamant that the situation is under control and that it will return 100 percent of lost coins to those affected.
At approximately 1am June 27 (GMT+8), a hacker exploited a vulnerability in our Risk Control team's 2nd review process to access the personal funds of about 90 Bitrue users.
— Bitrue (@BitrueOfficial) June 27, 2019
System administrators at Bitrue claimed they immediatley detected the hack, and shut down the exchange within 30 minutes.
While Bitrue is communicating openly about the hack, it originally confused users after it announced it would be performing unscheduled “temporary maintenance,” that would last “about 15-18 hours.”
Heads up, @BitrueOfficial platform will be down for some scheduled maintenance on June 29 15:00-18:00 (GMT+8) while we perform a few upgrades. Sorry for any inconvenience, please plan ahead! https://t.co/9hLakZXh4j pic.twitter.com/tji8jP2URZ
— Bitrue (@BitrueOfficial) June 26, 2019
The website’s homepage was replaced with a message saying Bitrue is currently undergoing “scheduled maintenance.” At the time of writing, Bitrue’s homepage is still displaying this message. It seems Bitrue used the cover to begin investigating the hack.
About an hour ago, Bitrue said on Telegram that it’s expecting to have login and trading functions restored by the end of the day.
Indeed, this is just another exchange hack to add to the list for 2019.
Back in May, Binance lost over $40 million worth of Bitcoin in what it called “a large scale security breach.” Like Bitrue, Binance was adamant that users would get their funds back.
About a month later, hackers stole nearly $10 million worth of Ripple (XRP) from cryptocurrency exchange GateHub.
Update June 28, 2019, 0925UTC: It appears Bitrue has recovered from the attack, and its system is back up and running. The exchange says that affected users have been fully refunded.
UPDATE: We're happy to announce that log in & trading services are live again on Bitrue.
Additionally, any user accounts that were affected by the breach have had their assets replaced, as per the Bitrue insurance policy.
Thank you so much to everyone who has supported us ???— Bitrue (@BitrueOfficial) June 27, 2019
Get the TNW newsletter
Get the most important tech news in your inbox each week.