​Bitrue exchange loses $23 million in a hacker attack

What’s new? On April 14, cryptocurrency exchange Bitrue reported the discovery of a vulnerability in one of its hot wallets. With its help, the attackers managed to withdraw assets worth about $23 million in tokens ETH, QNT, GALA, SHIB, HOT, and MATIC. The exchange’s representatives noted on Twitter that the wallet held less than 5% of all Bitrue funds, and the team was able to quickly intervene and prevent further damage from the hackers’ actions. The rest of the exchange’s wallets were not compromised, and user funds remain safe.

1/4: We have identified a brief exploit in one of our hot wallets on 07:18 (UTC), 14 April 2023. We were able to address this matter quickly and prevented the further exploit of funds. We take this matter seriously and are currently investigating the situation. pic.twitter.com/QioPHSB2DM — Bitrue (@BitrueOfficial) April 14, 2023

The digital asset trading platform Bitrue was founded in Singapore in 2018. There are currently 536 coins and 1085 trading pairs available on the exchange. In the last 24 hours, the trading turnover was $1,95 billion.

How will the exchange operate? The team is currently investigating the incident. For security reasons, it has been decided to suspend withdrawals until April 18. All identified users affected by the exploit will receive full compensation.

According to the analytical company Arkham Intelligence, the damage from the hack amounted to $24,2 million. At the same time, experts noted that the hackers transferred most of the tokens in ETH, receiving 8858 coins (~$18,73 million), leaving their wallet untouched assets in SHIB and HOT.

Bitrue @BitrueOfficial has been exploited this morning for around $24.2M worth of tokens, mainly in QNT, GALA and SHIB.The tokens currently reside in 0x181, having been swapped to 8.858K Ether.Interestingly, the hacker has kept most of the SHIB and HOT.Stay safe! https://t.co/SorQHYpWZf pic.twitter.com/5Otj45uwlE — Arkham (@ArkhamIntel) April 14, 2023

On April 13, PeckShield experts reported a DeFi protocol Yearn Finance exploit that caused the project to lose $11,6 million. The hacker used a bug in the “misconfigured yUSDT” to issue 1,2 quadrillion coins, using an initial deposit of $10 000.

And on April 9, hackers transferred nearly $13 million, or 23% of its total digital assets, from the hot wallet of the South Korean crypto exchange GDAC. On the same day, the decentralized exchange (DEX) SushiSwap was exploited. The platform lost $3,3 million in ETH coins due to a smart contract error.