Bitrue Crypto Exchange Hacked: 9.3M Ripple (XRP), 2.5M Cardano (ADA) Stolen; Funds Insured – Update
We were led to believe that the crypto infrastructure is becoming more secure, but it seems that hackers always see to be a step ahead when it comes to finding security vulnerabilities. Just after a month of the infamous Binance hack, Bitrue becomes the most recent victim.
With users based in 80+ countries, Singapore registered Bitrue has offices across the United States, Singapore, Taiwan, and Europe. They were constantly increasing their daily trading volume and building on a reputation of being a “young and reliable cryptocurrency exchange.” However, that is only till earlier today when things really went downhill for the exchange.
The users of the exchange realized that there was something fishy going on when the exchange released a statement on Twitter saying:
Due to system overloading, we are performing a temporary maintenance. During the maintenance all services will be paused, including deposit/withdraw/trading and login in. The maintenance is expected to last around 15~18 hours. Once it is completed we will announce via Twitter.
— Bitrue (@BitrueOfficial) June 26, 2019
However, it seems like the customers were being misled. This was no regular maintenance and the system overload was because of a hack. The team was forced to release an official statement on Twitter.
Official Statement Regarding The Hacking of Bitrue On June 27 2019
— Bitrue (@BitrueOfficial) June 27, 2019
Their PR team right away goes in damage control saying that they have the situation under control and that they guarantee 100% of the lost funds to be returned to their users. They even assured that they are reviewing their security measures and policies to ensure that this never happens again.
Even the CEO, Curis WAng added to the conversation Tweeting out:
Very disappointed with those hackers and what had happened to @BitrueOfficial. You have no idea how our team work crazily hard every single day. All we want is to create something valuable to the whole blockchain especially XRP community. It's never easy for us.
— Curis Wang (@Curis_Wang) June 27, 2019
Details of the hack
At about 1 am (GMT +8) on June 27th, a hacker exploited the platform’s vulnerability on their Risk Control team's 2nd review process to access the personal funds of about 90 Bitrue users. The hacker or hackers leveraged the information gained from the breach to then access the Bitrue hot wallet and move 9.3 million XRP and 2.5 million ADA to different exchanges.
As soon as the exchange realized that there was a hack, they suspended their services. They went ahead and informed other exchanges like Huobi, Bittrex, and Change now to be alert to similar situations.
They went ahead and apologized for misleading their customers earlier by not informing them about the hack right away. In a statement they said:
Please note that at the time, due to uncertainty about the current situation, we stated that the exchange was going down for some unplanned maintenance. We apologize for this miscommunication with our users.
— Bitrue (@BitrueOfficial) June 27, 2019
What’s Happening currently
Following the attack, the team is conducting an emergency inspection of the exchange. They are hoping to make login and trading functionality as soon as possible. However, withdrawals will be offline for longer periods of time, understandably so. They are even in touch with relevant authorities in Singapore to assist the team in tracking down the culprits.
Also Read: Bitcoin Scams and Cryptocurrency Hacks List
24 Hour Update:
Nearing 24 hours since the official announcement of the hack, Singapore based crypto exchange Bitrue has re-opened and have compensated all users that lost funds.
This is an incredible turn around considering most exchanges that get hacked either lose the funds completely or don't return the funds for a number of months. It's good to know that exchanges like Binance and Bitrue have plans in place to insure their customer funds are returned if a hack would occur.
This also should serve as a reminder to any traders, that an exchange is not a long term storage. Only keep what you are actively trading on an exchange. Put the rest in a cold storage wallet.