- The hackers exploited system vulnerability
- Users are assured stolen funds will be returned
- The exchanges have frozen some of the stolen funds
Bitrue, a Singapore-based cryptocurrency exchange has been hacked and about $4.5 million in cryptocurrency has been stolen. The hacker or group of hackers exploited a vulnerability in the exchange’s systems to access user assets for at least 90 customers.
Accessed The Firm’s Hot Wallet
The cryptocurrency exchange made the announcement on the breach via a series of tweets saying they discovered the incident at around 1:00 a.m. local time on Thursday, June 27, 2019. According to Bitrue, the hacker accessed the firm’s hot wallet and transferred 9.3 million XRP ($4.25 million) and 2.5 million ADA ($235,000) to different exchanges. The company stated:
“At approximately 1am June 27 (GMT+8), a hacker exploited a vulnerability in our Risk Control team’s 2nd review process to access the personal funds of about 90 Bitrue users […] The hacker used what they learned from this breach to then access the Bitrue hot wallet and move 9.3 million XRP and 2.5 million ADA to different exchanges.”
Lost Cryptocurrency Will Be Refunded
According to the exchange’s official statement, the firm’s administrators detected the hack and immediately halted trading on their platform and placed the site on maintenance mode as they investigated what was going on. The company’s website was still disabled at the time of writing even though the company has assured users it will be resuming trading “within a few hours.” User funds are insured and Bitrue has said anyone who lost cryptocurrency would be refunded. The company tweeted:
Dear Bitrue Users,
First of all, please let us assure you that this situation is under control, 100% of lost funds will be returned to users, and we are reviewing our security measures and policies to ensure this does not happen again.
— Bitrue (@BitrueOfficial) June 27, 2019
$1.35 Million Worth of Cryptocurrency Frozen
According to Bitrue, about half of the stolen funds were transferred to private wallets while the other half was moved to five cryptocurrency exchanges namely Huobi, Bittrex, ChangeNOW, Exmo.me, and Coinswitch.co. Three of the exchanges – Huobi, Bittrex, and ChangeNOW managed to freeze some $1.35 million worth of cryptocurrency, which Bitrue expects to recover.
The Bitrue incident adds to the list of cryptocurrency exchanges hacked in 2019. The world’s leading cryptocurrency exchange in trade volumes Binance was hacked in May and lost over $40 million in bitcoin in what Binance called “a large scale security breach.” Just like Bitrue, Binance insisted that users who lost their funds would get a refund.
Earlier in January, Bitrue was also affected by a 51-percent attack on the Ethereum classic cryptocurrency in which a hacker had tried to withdraw 13,000 ETC but claimed the attempted theft had been stopped by its system.