Azoundria: Created page with "{{Imported Case Study With About|source=https://www.quadrigainitiative.com/casestudy/xtcomexchangehotwalletbreach.php}} {{Unattributed Sources}} XT.com Logo/HomepageXT.com has operated a Seychelles-based exchange since 2018. On November 27th, 2024, their hot wallet was breached, and $1.7m worth of various assets were taken. The exchange immediately suspended withdrawals and provided updates. They also appear to have provided a highly pos..."

2025-01-18T00:45:40Z

Created page with "{{Imported Case Study With About|source=https://www.quadrigainitiative.com/casestudy/xtcomexchangehotwalletbreach.php}} {{Unattributed Sources}} thumb|XT.com Logo/HomepageXT.com has operated a Seychelles-based exchange since 2018. On November 27th, 2024, their hot wallet was breached, and $1.7m worth of various assets were taken. The exchange immediately suspended withdrawals and provided updates. They also appear to have provided a highly pos..."

New page

{{Imported Case Study With About|source=https://www.quadrigainitiative.com/casestudy/xtcomexchangehotwalletbreach.php}}
{{Unattributed Sources}}

[[File:Xtcomexchange.jpg|thumb|XT.com Logo/Homepage]]XT.com has operated a Seychelles-based exchange since 2018. On November 27th, 2024, their hot wallet was breached, and $1.7m worth of various assets were taken. The exchange immediately suspended withdrawals and provided updates. They also appear to have provided a highly positive account for CoinTelegraph, who published it without question (and with a disclaimer/attribution at the bottom). They have assured users of the platform that their assets are unaffected and reportedly re-enabled withdrawals.<ref name="xtexchangetwitter-17252" /><ref name="veridiseinctwitter-17253" /><ref name="xtsupportzendesk-17254" /><ref name="xtcommedium-17255" /><ref name="instagram-17256" /><ref name="xtexchangetwitter-17257" /><ref name="xtexchangetwitter-17258" /><ref name="xtexchangetwitter-17259" /><ref name="xtexchangetwitter-17260" /><ref name="cointelegraph-17261" /><ref name="etherscan-17262" /><ref name="etherscan-17263" /><ref name="etherscan-17264" /><ref name="etherscan-17265" /><ref name="etherscan-17266" /><ref name="xt-17267" /><ref name="xt-17268" /><ref name="xtexchangetwitter-17269" />

== About XT.com ==
"XT.COM Exchange was established in 2018 and registered in Seychelles. It has operation centers in Seychelles, Europe and other countries and regions, and its business covers the world. The platform owns the global top-level domain name www.xt.com, currently has more than 7.8 million registered users, more than 1 million monthly active users, and more than 40 million user traffic in the ecosystem."

"XT.COM is a comprehensive trading platform that supports 800+ high-quality currencies and 1000+ trading pairs. It has a rich variety of transactions such as spot trading, futures trading, margin trading, OTC trading and buying cryptos with credit cards. XT provides users with the safest, most efficient and professional digital asset investment services."

"2024 was a transformative year for XT.COM, a year filled with groundbreaking events, strategic collaborations, and innovative product launches that elevated its position as a leader in the cryptocurrency industry. By driving community growth, enhancing user experience, and championing blockchain innovation, XT.COM not only solidified its reputation as one of the most influential crypto exchanges, but also opened new doors for its global user base."

== The Reality ==
This sections is included if a case involved deception or information that was unknown at the time. Examples include:

* When the service was actually started (if different than the "official story").
* Who actually ran a service and their own personal history.
* How the service was structured behind the scenes. (For example, there was no "trading bot".)
* Details of what audits reported and how vulnerabilities were missed during auditing.

== What Happened ==
"The cryptocurrency exchange XT has reportedly fallen victim to a hacking incident, resulting in the loss of approximately $1.7 million worth of crypto assets."
{| class="wikitable"
|+Key Event Timeline - XT.com Exchange Hot Wallet Breach
!Date
!Event
!Description
|-
|November 27th, 2024 6:48:00 PM MST
|Unwavering Support Thanks
|The XT.com exchange wants "to take a moment to thank [their] incredible community for [their] unwavering support in the crypto journey. Together, [XT.com has] navigated the ups and downs of the market, and with [the community's] trust, [they] continue to innovate and push boundaries."
|-
|November 27th, 2024 11:48:59 PM MST
|First Malicious Withdrawal
|The first withdrawal appears to remove 7,849,266.9462263 wQuil from the hot wallet.
|-
|November 28th, 2024 12:03:59 AM MST
|Last Malicious Withdrawal
|The final withdrawal appears to remove the remaining ethereum from the hot wallet.
|-
|November 28th, 2024 2:53:00 AM MST
|XT Exchange Statement
|XT Exchange releases their "XT Statement on Abnormal Transfer of Platform Wallet Assets" tweet, which states that users will not be affected by the incident. However, withdrawals are disabled and many users report being unable to withdraw their funds.
|-
|November 28th, 2024 3:04:43 AM MST
|Website Final Version
|The official announcement on the XT Exchange website is updated to the final version.
|-
|November 28th, 2024 6:14:00 AM MST
|Live Broadcasting
|The XT Exchange team is live on a broadcast for users.
|-
|November 28th, 2024 7:24:00 AM MST
|Withdrawals Back Online
|The XT Exchange reports that they've identified the issue and withdrawals are starting to come back online, with the expectation that all withdrawals will be back online within 24 hours.
|-
|November 28th, 2024 9:48:00 AM MST
|CoinTelegraph Thanks
|XT Exchange thanks CoinTelegraph for a positive press release about the "robust response to abnormal wallet asset transfers".
|}

== Technical Details ==
This section includes specific detailed technical analysis of any security breaches which happened. What specific software vulnerabilities contributed to the problem and how were they exploited?

== Total Amount Lost ==
The total amount lost has been estimated at $1,700,000 USD.

How much was lost and how was it calculated? If there are conflicting reports, which are accurate and where does the discrepancy lie?

== Immediate Reactions ==
"Today, XT.COM identified an abnormal transfer of assets from the platform wallet with the on-chain address 0xdb3ded7731c781224ec292e2163d9554c094fd7c. Our technical team is currently conducting an urgent investigation. The amount involved in this incident is approximately 1 million USDT across 12 different currencies. These assets are owned by the platform and will not in any way harm the interests of our customers or users.

Since inception, XT.COM has always upheld a user-centric approach, maintaining strict and standardized platform fund management while prioritizing the security of user assets. We have established asset reserve funds 1.5 times greater than those of users on the exchange. Additionally, we plan to launch the Merkel Tree Asset Proof System in mid-December to further enhance transparency and security.

Over the past 6 years, we express our gratitude for the support and companionship of our valued users. Every challenge along our growth journey has only made us stronger. XT.COM remains committed to its founding principles and aims to be a trusted and conscientious exchange within the industry."

"We are aware of concerns regarding recent abnormal asset transfers. Rest assured, users' assets remain safe and unaffected. The affected assets belong to the exchange, and we’re taking immediate action, including launching a Merkle Tree Proof of Reserves by mid-December to enhance transparency."

"The first step XT.COM took in response to the abnormal activity was the immediate isolation of the affected systems. This critical move helped to prevent further unauthorized access or data breaches, thereby containing the issue quickly before it could escalate.

By isolating these systems, XT.COM ensured the protection of its broader platform infrastructure and user accounts from potential threats."

"To mitigate additional risks, the platform made the decision to temporarily suspend all coin withdrawals. This precautionary action minimized the potential for further losses, securing the integrity of assets while allowing the team to conduct a detailed investigation into the incident.

Users were promptly informed about the withdrawal suspension, with XT.COM’s team providing consistent updates to maintain transparency."

"XT.COM’s seasoned security team immediately launched a thorough investigation to identify the root cause of the abnormal transfer. This investigation was critical to understanding how and why the incident occurred in order to develop a strategic response plan and ensure that such occurrences are avoided in the future."

"From the moment the incident was detected, XT.COM stayed committed to open communication. The platform quickly informed its users and the wider community about the nature of the abnormal transfer and outlined the key steps being taken to address the situation.

Through its announcements, XT.COM prioritized keeping stakeholders informed, ensuring that users felt reassured and aware of the ongoing effort to resolve the matter."

"This publication is provided by the client. Cointelegraph does not endorse and is not responsible for or liable for any content, accuracy, quality, advertising, products, or other materials on this page. Readers should do their own research before taking any actions related to the company. Cointelegraph is not responsible, directly or indirectly, for any damage or loss caused or alleged to be caused by or in connection with the use of or reliance on any content, goods, or services mentioned in the press release."

== Ultimate Outcome ==
"The hacker has converted the funds into 461.58 ETH and deposited them into the address 0xB43f…8F83."

"We sincerely apologize for the temporary suspension of withdrawals on Nov 28, 2024. Our team identified and fixed an issue to ensure user asset security. Withdrawal services will gradually resume starting 00:00 (UTC) on Nov 29, 2024, with full restoration within 24 hours. User assets remain safe throughout the process. Thank you for your understanding and continued support. #XT"

== Total Amount Recovered ==
There do not appear to have been any funds recovered in this case.

What funds were recovered? What funds were reimbursed for those affected users?

== Ongoing Developments ==
What parts of this case are still remaining to be concluded?
== Individual Prevention Policies ==
{{Prevention:Individuals:Placeholder}}

{{Prevention:Individuals:End}}

== Platform Prevention Policies ==
{{Prevention:Platforms:Placeholder}}

{{Prevention:Platforms:End}}

== Regulatory Prevention Policies ==
{{Prevention:Regulators:Placeholder}}

{{Prevention:Regulators:End}}

== References ==
<references><ref name="xtexchangetwitter-17252">[https://twitter.com/XTexchange/status/1862072439154569282 @XTexchange Twitter] (Accessed Jan 17, 2025)</ref>

<ref name="veridiseinctwitter-17253">[https://twitter.com/VeridiseInc/status/1864218556982022339 @VeridiseInc Twitter] (Accessed Jan 17, 2025)</ref>

<ref name="xtsupportzendesk-17254">[https://xtsupport.zendesk.com/hc/en-us/articles/40528847749657-XT-COM-Statement-on-Abnormal-Transfer-of-Platform-Wallet-Assets https://xtsupport.zendesk.com/hc/en-us/articles/40528847749657-XT-COM-Statement-on-Abnormal-Transfer-of-Platform-Wallet-Assets] (Accessed Jan 17, 2025)</ref>

<ref name="xtcommedium-17255">[https://medium.com/@XT_com/xt-com-in-2024-milestones-that-shaped-the-crypto-world-0f6d8a71139e XT.COM in 2024: Milestones That Shaped the Crypto World | by XT Exchange | Dec, 2024 | Medium] (Accessed Jan 17, 2025)</ref>

<ref name="instagram-17256">[https://www.instagram.com/xt.com_exchange/ https://www.instagram.com/xt.com_exchange/] (Accessed Jan 17, 2025)</ref>

<ref name="xtexchangetwitter-17257">[https://twitter.com/XTexchange/status/1862127289561211232 @XTexchange Twitter] (Accessed Jan 17, 2025)</ref>

<ref name="xtexchangetwitter-17258">[https://twitter.com/XTexchange/status/1862122807360164033 @XTexchange Twitter] (Accessed Jan 17, 2025)</ref>

<ref name="xtexchangetwitter-17259">[https://twitter.com/XTexchange/status/1862126769593262456 @XTexchange Twitter] (Accessed Jan 17, 2025)</ref>

<ref name="xtexchangetwitter-17260">[https://twitter.com/XTexchange/status/1862176701331251323 @XTexchange Twitter] (Accessed Jan 17, 2025)</ref>

<ref name="cointelegraph-17261">[https://cointelegraph.com/press-releases/xtcoms-robust-response-to-abnormal-wallet-asset-transfers https://cointelegraph.com/press-releases/xtcoms-robust-response-to-abnormal-wallet-asset-transfers] (Accessed Jan 17, 2025)</ref>

<ref name="etherscan-17262">[https://etherscan.io/tx/0xf7bcede1e045f08afc24c665247ba1e551355cd00d4d34c70705ca16b617bb79 Ethereum Transaction Hash (Txhash) Details | Etherscan] (Accessed Jan 17, 2025)</ref>

<ref name="etherscan-17263">[https://etherscan.io/tx/0x96aa5049fd265dbaf2c18d5be71d6967d4bd2db3ad67491a9d8d0e997cd9f01f Ethereum Transaction Hash (Txhash) Details | Etherscan] (Accessed Jan 17, 2025)</ref>

<ref name="etherscan-17264">[https://etherscan.io/tokentxns?a=0x4cb62577e5f4ac1f7bf4ceda7230958c087996c8&ps=100 Token Transfer | Etherscan] (Accessed Jan 17, 2025)</ref>

<ref name="etherscan-17265">[https://etherscan.io/address/0xdb3ded7731c781224ec292e2163d9554c094fd7c#tokentxns Address 0xdb3ded7731c781224ec292e2163d9554c094fd7c | Etherscan] (Accessed Jan 17, 2025)</ref>

<ref name="etherscan-17266">[https://etherscan.io/tx/0xb5fc541e3fc08c928cf068e1c0c8eb0b9ca8dd805fcd7ef670dcaf91cffa4f64 Ethereum Transaction Hash (Txhash) Details | Etherscan] (Accessed Jan 17, 2025)</ref>

<ref name="xt-17267">[https://www.xt.com/en Crypto Exchange | Bitcoin Exchange | Buy/Sell Bitcoin, Ethereum, and Altcoins | XT.com] (Accessed Jan 17, 2025)</ref>

<ref name="xt-17268">[https://www.xt.com/en/aboutUs About Us | XT.com] (Accessed Jan 17, 2025)</ref>

<ref name="xtexchangetwitter-17269">[https://twitter.com/XTexchange/status/1862328225340498018 @XTexchange Twitter] (Accessed Jan 17, 2025)</ref></references>

XT.com Exchange Hot Wallet Breach - Revision history