Bitrue, a crypto exchange based in Singapore, has officially announced that it has had $3.9 million in XRP and $225,000 in Cardano (ADA) stolen in an early morning hack.
“At approximately 1am June 27 (GMT+8), a hacker exploited a vulnerability in our Risk Control team’s 2nd review process to access the personal funds of about 90 Bitrue users. The hacker used what they learned from this breach to then access the Bitrue hot wallet and move 9.3 million XRP and 2.5 million ADA to different exchanges,” said the Bitrue team.
In the first half of 2019, seven crypto exchanges including Bithumb and Binance suffered from high-profile security breaches, losing tens of millions of dollars in user funds. The Bitrue hacking attack brings the total number of exchanges hacked in 2019 to eight, raising concerns about the security of exchanges.
According to the Bitrue team, 100 percent of lost funds will be returned to users and it is working to ensure that a similar security breach does not happen in the future.
“First of all, please let us assure you that this situation is under control, 100% of lost funds will be returned to users, and we are reviewing our security measures and policies to ensure this does not happen again,” Bitrue said.
In comparison to past hacking attacks in 2019, the amount of crypto assets lost in the Bitrue hacking attack is relatively small at $4 million.
The exchange has said that the stolen funds have been sent to Huobi, Bittrex, and ChangeNOW. The exchanges were able to track down some of the funds sent to the exchanges which have frozen funds connected to the hacking attack.
“The attack was soon detected, and activity was temporarily suspended on Bitrue. We alerted the receiving exchanges about the situation, and wish to extend our thanks to Huobi, Bittrex and ChangeNOW for their help in freezing the affected funds and accounts,” the team said.
For any crypto exchange, a hot wallet or a wallet connected to the internet, can fall victim to a security breach as seen in the case of Binance.
To prioritize security, although it is possible to strengthen measures to protect the hot wallet, it is most practical to establish an emergency fund equivalent to the amount held in the hot wallet to fully compensate users when an attack occurs.
Binance, for instance, created the Secure Asset Fund for Users in July 2018 to compensate users in an unlikely event that its hot wallet falls victim to a security breach./
“To protect the future interests of all users, Binance will create a Secure Asset Fund for Users (SAFU). Starting from 2018/07/14, we will allocate 10% of all trading fees received into SAFU to offer protection to our users and their funds in extreme cases. This fund will be stored in a separate cold wallet,” said Binance.
When Binance was hacked for $40 million on May 7, the exchange swiftly resumed operations within a span of several days and compensated all users.
In various major crypto markets including South Korea, both non-government organizations and authorities have started to prioritize the dealing of the aftermath of an exchange hack over prevention.
The Korea Blockchain Association requested all exchanges in South Korea to obtain insurance to protect user funds and compensate in a swift manner if a security breach occurs.
During a period in which some of the biggest exchanges in the crypto market are being hacked, it is realistically difficult to prevent all types of breaches, especially when it comes to minor exchanges.
Last modified: March 4, 2021 2:40 PM