Bitrue crypto exchange exploited for $23 million in ether and tokens

Bitrue has been exploited for roughly $23 million in tokens, the Singapore-based centralized exchange confirmed on Twitter.

"We have identified a brief exploit in one of our hot wallets on 07:18 (UTC), 14 April 2023," the exchange tweeted. "We were able to address this matter quickly and prevented the further exploit of funds. We take this matter seriously and are currently investigating the situation."

The exchange explained that attackers were able to withdraw assets in ether, shiba inu, QNT, GALA, HOT and MATIC — but only exploited a hot wallet that holds less than 5% of its overall funds. "The rest of our wallets remain secure and have not been compromised," it stated.

Bitrue's wallet strategy

Centralized cryptocurrency exchanges typically use a combination of cold and hot wallets to manage user funds. Cold wallets — offline storage solutions — offer greater security against cyber attacks. Hot wallets connected to the internet allow for fast deposits and withdrawals but are more vulnerable to hacks.

Bitrue temporarily suspended all withdrawals and plans to reopen them on April 18.

"All identified users who are affected by this incident will be compensated in full," it wrote.

The tokens are currently held in an address starting with 0x181.

The Bitrue incident is the second major attack targeting centralized exchanges in recent days. Earlier this week, South Korea-based exchange GDAC lost nearly $13 million in crypto assets in a similar incident.

Update: story updated with more details of the exploit.