$2 122 000 USD

MAY 2019




"BitoPro is developed by BitoEX team, who started BitoEX in 2014 which provides cryptocurrency solutions such as digital wallet, business application, financial auditing and more."


"BitoEX team is committed to lead digital currency industry, as BitoEX offers customers comprehensive services in excellent quality and unique branding. BitoEX is also expected to provide ease the process of entering digital currency for everyone."


"In 2017, reacting to the increasing market demand, BitoEX team starts to plan and develope cryptocurrency exchange platform - BitoPro." "The BitoEX team launched the International Digital Assets Exchange Platform - BitoPro in early 2018. Now, through the BitoPro App users can check prices in real time of BTC, ETH, LTC, BITO, MITH, TRON etc. Also the app shows market depths, allowing for more precise trading plus the function to deposit your cryptocurrencies. Managing your digital assets have never been so easy." "We are looking forward to satisfy our customer by providing fast and economical trading services."


"BitoPro is decentralized cryptocurrency exchange located in Taiwan. It has trust score 8. More than 138K traders trade on this exchange. It currently has a 24-hour trading volume around ₿444.27 from 16 coins and 26 trading pairs."


"Taiwan exchange BitoPro's XRP suffered an attack that caused a price crash and is thought to have lost about 7m XRPS." False top-up


"[A] user managed to withdraw 7 million ‘real’ XRP tokens from a Taiwan-based crypto exchange called BitoPro."


"Because often the exchange (especially the new ones supporting $XRP) wasn't aware of the existence of "partial payment"! Thus using the wrong parameter "Amount' to record the payment. The CORRECT parameter to use is and should always be "DeliveredAmount" ‼️"


"The said vulnerability allows a user to fake an XRP deposit transaction and then dump the sent “XRP” tokens on the exchange. In this case, the crooked user faked a deposit of 330,000 XRP, but the actual XRP delivered were just 0.003255 XRP. In effect, BitoPro ended up losing 7 million XRP. Bitrue took the step to expose the flaw and let other exchanges and users know about it to save them from further loses."


"According to Bitrue, there have been around 148 such transactions made since March 8. Bitrue also intimated that a user had attempted the same trick on its platform, but the attack was quickly tackled as Bitrue had already instituted measures to prevent it."

Unconfirmed by BitoPro, there was an apparent exploit where the BitoPro exchange accepted a partial payment of XRP, which may then have been withdrawn from the exchange platform.


There doesn't appear to have been any follow up by BitoPro, so it's possible that the exploit did not result in a successful withdrawal on the exchange platform, or that the exchange thought it best to avoid mentioning what had happened publicly.


If there was an exploit that resulted in a withdrawal from the platform, this was the result of a misconfigured wallet on the platform.


This type of situation can be avoided by a thorough understanding of the chain being used, and detected by a shortfall of balance between the database and blockchain.


This type of situation is likely to happen only once to a platform, if not already caught by a decent team.


Check Our Framework For Safe Secure Exchange Platforms

Sources And Further Reading

 For questions or enquiries, email info@quadrigainitiative.com.

Get Social

  • email
  • reddit
  • telegram
  • Twitter

© 2021 Quadriga Initiative. Your use of this site/service accepts the Terms of Use and Privacy Policy. This site is not associated with Ernst & Young, Miller Thompson, or the Official Committee of Affected Users. Hosted in Canada by HosterBox.