Bitrue crypto exchange exploited for $23 million in ether and tokens

Security • April 14, 2023, 6:37AM EDT
UPDATED: April 14, 2023, 7:29AM EDT
The Block

Quick Take

  • Crypto exchange Bitrue reported a loss of $23 million in various crypto assets due to a compromised hot wallet.
  • The stolen tokens represented 5% of Bitrue’s overall funds, the exchange said.

Bitrue has been exploited for roughly $23 million in tokens, the Singapore-based centralized exchange confirmed on Twitter.

"We have identified a brief exploit in one of our hot wallets on 07:18 (UTC), 14 April 2023," the exchange tweeted. "We were able to address this matter quickly and prevented the further exploit of funds. We take this matter seriously and are currently investigating the situation."

The exchange explained that attackers were able to withdraw assets in ether, shiba inu, QNT, GALA, HOT and MATIC — but only exploited a hot wallet that holds less than 5% of its overall funds. "The rest of our wallets remain secure and have not been compromised," it stated.

Bitrue's wallet strategy

Centralized cryptocurrency exchanges typically use a combination of cold and hot wallets to manage user funds. Cold wallets — offline storage solutions — offer greater security against cyber attacks. Hot wallets connected to the internet allow for fast deposits and withdrawals but are more vulnerable to hacks.

Bitrue temporarily suspended all withdrawals and plans to reopen them on April 18.

THE SCOOP

Keep up with the latest news, trends, charts and views on crypto and DeFi with a new biweekly newsletter from The Block's Frank Chaparro

By signing-up you agree to our Terms of Service and Privacy Policy
By signing-up you agree to our Terms of Service and Privacy Policy

"All identified users who are affected by this incident will be compensated in full," it wrote.

The tokens are currently held in an address starting with 0x181.

The Bitrue incident is the second major attack targeting centralized exchanges in recent days. Earlier this week, South Korea-based exchange GDAC lost nearly $13 million in crypto assets in a similar incident.

Update: story updated with more details of the exploit. 


© 2023 The Block. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.

About Authors

Adam is the managing editor for Europe, the Middle East and Africa. He is based in central Europe and was a managing editor and podcast host at the crypto exchange OKX's former research arm, OKX Insights. Before that, he co-founded BeInCrypto.com, which he elevated into one of the leading crypto media brands at its peak as the editor-in-chief. Earlier, he served as the editor-in-chief at Bitcoinist.com. Before joining the blockchain and crypto industry, he worked for Looper.com, Grunge.com and SVG.com. He tweets via @XBT002 and can be emailed at [email protected].
Vishal Chawla is The Block’s crypto ecosystems editor and has spent over six years covering tech protocols, cybersecurity, artificial intelligence and cloud computing. Vishal likes to delve deep into blockchain intricacies to ensure readers are well-informed about the continuously evolving crypto landscape. He is also a staunch advocate for rigorous security practices in the space. Before joining The Block, Vishal held positions at IDG ComputerWorld, CIO, and Crypto Briefing. He can be reached on Twitter at @vishal4c and via email at [email protected]

Editor

To contact the editor of this story:
Andrew Rummer at
[email protected]

More by Adam James

More by Vishal Chawla