$0 USD

APRIL 2021

CHINA

HOTBIT

DESCRIPTION OF EVENTS

"According to CoinMarketCap, Hotbit had listed 1559 trading pairs in total and was ranked No. 1 among all exchanges regarding the number of types of cryptocurrency projects listed. Hotbit has accumulated 1,000,000+ registered users from more than 170 countries and areas all over the world, among which 90% of registered users are non-Chinese users. Hotbit started to distribute current deposit interests for its users, which means that Hotbit was the first cryptocurrency exchange in the world to offer daily current deposit interests to its users with no token lockup or freeze required."

 

"Founded in January 2018 and registered in both Hong Kong and Estonia, with its core team members from China, USA and Taiwan, Hotbit is currently based in Shanghai and Taipei." "Constantly introducing and listing high quality digital currencies from all over the world, providing users with various types of transactional services in most digital currencies. We provide 24/7 online customer support to ensure quick and readily available support when needed. With a built in Artificial Intelligence market maker that meets the high standards set by Wall Street, our model analysis based on over 250 market parameters, providing 24/7 Customer Support and high liquidity."

 

"Security issues have always been the pain of blockchain industry, which has always been one of the major concerns of Hotbit as well." "We conduct the multinodular structure which meets the requirements set by the IT surveillance logical structure from the Financial Industry, ensuring steady operations of our systems. The front and back-end designs, combined with our multi-node and multimodular distributed deployment, scales out our capacity and thus providing better service for our customers."

 

"Hotbit has already accumulated more than 700,000 registered users from more than 210 countries and areas all over the world. By focusing on the world's emerging markets such as the markets of Russia, Japan, South Korea, Turkey and Southeast Asian countries, Hotbit has gathered its users from Twitter, Telegram, WeChat, VK and Facebook. Join in Hotbit community, communicate and share your thoughts and experience of cryptocurrency with our experienced users from all over the world and gain an insight into the new trend of cryptocurrency industry."

 

Hotbit had set up a bug bounty with firebounty/hackenproof as of November 26th, 2020.

 

"The official announcement of the cryptocurrency exchange Hotbit stated that Hotbit had suffered a serious network attack starting at 20:00 UTC on April 29, 2021, causing some basic services to be paralyzed and the exchange was no longer able to log in. At the same time, the attacker also tried to hack into Hotbit's wallet, which Hotbit claimed was identified and blocked by the risk control system."

 

Addressing users on the exchange’s Telegram group, Alex Zhou, chief security officer of Hotbit, revealed that user funds were unaffected by the attack, stating: “The attacker tried to break into the wallet server to steal funds but the action was identified and blocked successfully by Hotbit risk control system. All users’ funds are safe.” "Hotbit just suffered a serious cyber attack starting around 08:00 PM UTC, April 29,2021, which led to the paralyzation of a number of some basic services. Meanwhile, the attackers also tried to hack into Hotbit’s wallets (However, the attempt was identified and stopped by our risk control system)."

 

"The Hotbit team decided to immediately shut down all services for inspection and recovery. The entire recovery period is expected to be no less than 7 days. Hotbit stated that all assets are safe."

 

The exchange says that it is “about to exceed 2 million registered users and has a huge service system architecture of more than 200 servers online, in order to ensure security, Hotbit team will completely rebuild all servers.”

 

"While user funds remain safe, Hotbit warned its customers its database had been compromised during the attack, and that their phone number, email address and asset data might have been leaked." "The attacker has access to the database, so your email address, phone number, account balances, etc may be leaked. They claim that the passwords and 2FA secrets are encrypted, therefore they are safe (disclaimer: they might not). If your Hotbit password is the same as other accounts, they suggest making your passwords unique (you should be doing this already)" "[T]he Hotbit team has advised customers to disregard any communication from entities claiming to be representatives of the exchange."

 

"The exchange explained that the attacker deleted the user database after failing to obtain assets. It also warned that “The attacker has already gained access to the database,” so users’ “registered phone number, email address and asset data” may have been leaked." "While stating that the database is backed up, the company says, “we are still uncertain whether the attacker has polluted data or not before the attack,” justifying the need for “a comprehensive inspection.”"

 

"In severe cases, hackers will leave themselves a backdoor into the database several days before the main hacking event. When a company restores what they believe is a clean copy of their database from a previous day, they're actually opening the door to them once again."

 

"According to Hotbit, the attacker maliciously deleted the user database after failing to obtain assets. Although the database is routinely backed up , we are still uncertain whether the attacker has polluted data or not before the attack. Therefore, we also need to conduct a comprehensive inspection of the overall data."

 

"Hotbit is brining in outside cyber security firms for the process, which they say will take a minimum of 7 days, and possibly up to 3 weeks."

 

"Following the hack announcement, crypto transfers were spotted from Hotbit’s addresses. The exchange claims that the transfers resulted from them “creating new cold wallet.”" "In its Telegram channel the exchange explained it was now in the process of moving all funds from its hot wallet to a newly created cold wallet. Data from Etherscan has confirmed this, with tokens getting transferred from one of Hotbit’s known wallets to a new address, that holds around $14 million in multiple tokens."

 

“In the future, Hotbit team will continue to strengthen security departments. Meanwhile, by cooperating with world’s famous third-party Internet security teams, Hotbit will also conduct thorough inspection and investigation on the attack issue and thoroughly upgrade security level of the whole system.”

 

“All daily routine income distributions (such as investment products, current products and FIL cloud computing power ) will be paid out after the maintenance is completed .”

 

The last update from May 9th reports that "02:30 AM UTC More than 95% of the environment has been built, and the final performance optimization and security testing are carried out continuously to repair the inconsistency problems found in data verification. We will announce the relatively accurate external recovery steps of the platform in 12 hours"

 

Withdrawals appeared to start reopening for some assets around May 16th.

The Hotbit exchange was attacked, putting $14m in hot wallet assets at risk. In this case, the situation was lucky because the risk control system kicked in to prevent the theft and funds were moved to cold storage before the attacker could steal them.

HOW COULD THIS HAVE BEEN PREVENTED?

No customer assets were lost in this case. This was a lucky case in which the automated systems performed as expected. Our framework does not yet include protections for customer information, however it seems that a better system would avoid exchanges needing to handle that personal information.

 

Check Our Framework For Safe Secure Exchange Platforms

Hotbit Shuts Down After Unsuccessful Hack Attempt - The Chain Bulletin (Aug 3)
SlowMist Hacked - SlowMist Zone (Jun 26)
Hotbit-The World’s Leading Cryptocurrency Trading Platform, BTC Trading, ETH Trading, XRP Trading | Hotbit (Aug 31)
About Hotbit (Aug 31)
FireBounty Hotbit Vulnerability Disclosure Program (Sep 1)
Bug Bounty Program For Hotbit | HackenProof (Sep 1)
Hotbit's Announcement on Emergency Maintenance (Sep 1)
Hotbit just suffered a serious cyber attack : CryptoCurrency (Sep 1)
Cryptocurrency Exchange Hotbit Hacked: Systems Paralyzed, 2 Million Users Affected – Exchanges Bitcoin News (Sep 1)
HotBit hacked... about 2 million users affected...Cannot be stressed enough but do not store your crypto in an exchange. : Bitcoin (Sep 1)
Hotbit crypto exchange shuts down for maintenance after attempted hack (Sep 1)
@Hotbit_news Twitter (Sep 1)
@Hotbit_news Twitter (Sep 1)
@Hotbit_news Twitter (Sep 1)
@Hotbit_news Twitter (Sep 1)
@Hotbit_news Twitter (Sep 1)
@Hotbit_news Twitter (Sep 1)
@Hotbit_news Twitter (Sep 1)
@Hotbit_news Twitter (Sep 1)
@Hotbit_news Twitter (Sep 1)
@Hotbit_news Twitter (Sep 1)
@Hotbit_news Twitter (Sep 1)
@Hotbit_news Twitter (Sep 1)
@Hotbit_news Twitter (Sep 1)
@Hotbit_news Twitter (Sep 1)
@Hotbit_news Twitter (Sep 1)
@Hotbit_news Twitter (Sep 1)
@Hotbit_news Twitter (Sep 1)
@Hotbit_news Twitter (Sep 1)
Hotbit's Announcement Regarding the Maintenance of Exchange Area and ETF Area on April 30th, 2021 (Sep 1)
Hotbit Crypto Exchange Confirmed It’s Hacked – Customers Data Exposed (Sep 1)
Crypto Exchange Hotbit Hacked With 2M Users Affected By CoinEdition (Sep 1)
Hotbit Exchange HACKED: Funds Are Safe, Network Vandalized - How Long Will It Be Offline? | Live Cryptocurrency News | Global Crypto Press | Live Bitcoin News (Sep 1)

Sources And Further Reading

 For questions or enquiries, email info@quadrigainitiative.com.

Get Social

  • email
  • reddit
  • telegram
  • Twitter

© 2021 Quadriga Initiative. Your use of this site/service accepts the Terms of Use and Privacy Policy. This site is not associated with Ernst & Young, Miller Thompson, or the Official Committee of Affected Users. Hosted in Canada by HosterBox.