BTER NXT Token Theft: Difference between revisions

From Quadriga Initiative Cryptocurrency Hacks, Scams, and Frauds Repository
(Added more sources and working to isolate the date of the incident.)
(Updated initial construction template. Added a much improved introduction to the case. Performed a full review of all information from the about section of the case moved into other sections.)
Line 1: Line 1:
{{Imported Case Study 2|source=https://www.quadrigainitiative.com/casestudy/bternxttokentheft.php}}
{{Case Study Under Construction}}{{Unattributed Sources}}
{{Unattributed Sources}}


[[File:Bter.jpg|thumb|BTER]]The BTER trading platform held 5% of the NXT tokens in existence online on their managed server environment, without using a multi-sig wallet. A hacker managed to break into the platform and steal the funds.
[[File:Bter.jpg|thumb|BTER Logo/Homepage]]BTER was a Chinese trading platform for blockchain assets, which was established in 2012. The BTER trading platform held 5% of the NXT tokens in existence online on their managed server environment, without using a multi-sig wallet. A hacker managed to break into the platform and steal the funds. BTER attempted to negotiate a chain split. However, the majority of NXT nodes opposed the split and it did not proceed. BTER attempted to negotiate with the hacker. This was successful, with the hacker returning most of the funds in exchange for a smaller amount of bitcoin. This type of trade worked because the hacker has a lot of difficulty selling stolen NXT tokens, while bitcoin is much more liquid. Ultimately, the BTER platform continued to operate, and it appears they honoured the losses of affected users.


The first thing which BTER attempted was to negotiate a chain split. However, the majority of NXT nodes opposed the split and it did not proceed.
<ref name="coiniq-2326" /><ref name="coindesk-2325" /><ref name="coindesk-3043" /><ref name="bitcoinist-3044" /><ref name="reddit-3045" /><ref name="financemagnates-3046" /><ref name="thehackernews-3047" /><ref name="bitcoinwiki-2327" /><ref name="slowmisthacked-1160" /><ref>https://nxtforum.org/news-and-announcements/forgers-have-been-faced-with-a-choice/ </ref><ref>https://web.archive.org/web/20140818084659/https://www.mynxt.info/blockexplorer/details.php?action=ac&ac=1244396688755618309</ref><ref>https://www.reddit.com/r/Bitcoin/comments/2ds5ty/btercom_saved_from_insolvency_hacker_returns/</ref>
 
The next thing which BTER attempted was to negotiate with the hacker. This was successful, with the hacker returning most funds, in exchange for a smaller amount of bitcoin. This type of trade works well because the hacker has a lot of difficulty selling stolen NXT tokens, while bitcoin is much more liquid.
 
Ultimately the BTER platform continued to operate, and it appears they honoured the losses of affected users.
 
This exchange or platform is based in China, or the incident targeted people primarily in China.<ref name="coiniq-2326" /><ref name="coindesk-2325" /><ref name="coindesk-3043" /><ref name="bitcoinist-3044" /><ref name="reddit-3045" /><ref name="financemagnates-3046" /><ref name="thehackernews-3047" /><ref name="bitcoinwiki-2327" /><ref name="slowmisthacked-1160" /><ref>https://nxtforum.org/news-and-announcements/forgers-have-been-faced-with-a-choice/ </ref><ref>https://web.archive.org/web/20140818084659/https://www.mynxt.info/blockexplorer/details.php?action=ac&ac=1244396688755618309</ref><ref>https://www.reddit.com/r/Bitcoin/comments/2ds5ty/btercom_saved_from_insolvency_hacker_returns/</ref>


== About BTER ==
== About BTER ==
"Bter is a Chinese Blockchain Assets Trading Platform established in 2012 by Jinan Manwei Information Technology co., Ltd." "BTER is another of the hybrid fiat to crypto and crypto to crypto exchanges." "The objective of the exchange is to provide safe, efficient and honest services of cryptocurrency trading. BTER is another of the hybrid fiat to crypto and crypto to crypto exchanges. Although they had a rocky start to 2015 with a severe security breach, they have gradually reopened markets and have dealt with the situation in a professional manner."
"Bter is a Chinese Blockchain Assets Trading Platform established in 2012 by Jinan Manwei Information Technology co., Ltd." "BTER is another of the hybrid fiat to crypto and crypto to crypto exchanges." "The objective of the exchange is to provide safe, efficient and honest services of cryptocurrency trading. BTER is another of the hybrid fiat to crypto and crypto to crypto exchanges."


"Bter is one of the few exchanges working also with fiat money, in this case it is us dollars and Chinese yuan. Trading on the exchange is carried out in 100 cryptocurrencies. This platform is protected by SSL certificate, Web application Firewall, manual confirmation of withdrawal, as well as two-stage authentication with one-time passwords Google. Most of the funds in the system are stored in cold wallets."
"Bter is one of the few exchanges working also with fiat money, in this case it is us dollars and Chinese yuan. Trading on the exchange is carried out in 100 cryptocurrencies. This platform is protected by SSL certificate, Web application Firewall, manual confirmation of withdrawal, as well as two-stage authentication with one-time passwords Google. Most of the funds in the system are stored in cold wallets."
“BTER is reporting that 50m NXT, or roughly $1.65m at press time, has been stolen from its exchange following an attack on one of its hosting servers. A developer representing the China-based digital currency exchange platform confirmed the news on the community information website NXT Forum, suggesting that the BTER team was considering urging the NXT community to roll back the NXT block chain to recover the lost funds.”
"Someone hacked Bter's NXT central account and stole 50m NXT. We are working with the dev for a plan. We will keep you updated."
"This is by far the largest hack that has ever happened in NXT’s history. Although it was entirely down to BTER’s lack of security, NXT as an economic system has started bleeding. Indeed, the hack concerns over 5% of the total money supply."
"[D]evelopers created an alternative version of the NXT client so people could choose to forge on the rollback fork if they wished. Some downloaded it and started forging. But the big NXT holders, some of whom had had a lot of NXT on BTER, decided not to forge on that fork, believing that protecting the NXT blockchain was more important than trying to recover funds in a way that would kill NXT value in the mid and long term. The Proof of Stake system worked like a census democracy: those who had the most to lose had more power to decide and the NXT blockchain was protected – at the cost of 51 million NXT."
"It's totally our fault and we are trying our best to cover all the loss. However, 50m nxt is huge for us, we cannot afford it at the moment."
"The BTER representative suggested that the exchange is exploring all options, including contacting the NXT development team in an effort to rollback the block chain, thereby restoring the ledger to its state before the theft occurred." "BTER briefly considered retrieving the stolen funds by rolling back the NXT blockchain, but the exchange eventually decided against pursuing that course of action, since they were able to obtain “lots of information” on the hacker."
"We have decided not to rollback but get the stolen funds back from the hacker since we have got lots of information of him."
"According to CoinDesk, the exchange was eventually able to negotiate a partial return of the stolen funds."  "The hacker sent a ransom message through the Blockchain, demanding bitcoins in exchange for the stolen nxt. BTER negotiated and sent 10 BTC in exchange for five million nxt. The hacker then became impatient- and hostile."
“So, what taking so long? Send me the next batch already. I’m going to leave soon. It’s already 2 hours of negotiation, it took me 1 hour to clean your whole exchanger. BTC 500+ I’m not going to sit here, and wait 2 more hours for you to decide to send the lousy 10 BTC.”
"BTER sent another 100 BTC for the remaining Nxt but received nothing in return as the hacker went silent. 3 options were on the table: offer more BTC to the hacker, a 310 BTC bounty for hunting him down, or implement a fork/rollback." "Several hours ago, there were reports of more nxt being returned to BTER."
"The convoluted series of events, including the hacker’s willingness to negotiate after the decision not to fork, have led some to speculate that it was an inside job."
This exchange or platform is based in China, or the incident targeted people primarily in China.
The background of the exchange platform, service, or individuals involved, as it would have been seen or understood at the time of the events.
Include:
* Known history of when and how the service was started.
* What problems does the company or service claim to solve?
* What marketing materials were used by the firm or business?
* Audits performed, and excerpts that may have been included.
* Business registration documents shown (fake or legitimate).
* How were people recruited to participate?
* Public warnings and announcements prior to the event.
Don't Include:
* Any wording which directly states or implies that the business is/was illegitimate, or that a vulnerability existed.
* Anything that wasn't reasonably knowable at the time of the event.
There could be more than one section here. If the same platform is involved with multiple incidents, then it can be linked to a main article page.


== The Reality ==
== The Reality ==
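Review bot: The rewritten introduction says the hacker returned "most of the funds", but the quotes moved out of the About section document only 10 BTC paid for five million NXT, a further 100 BTC sent with nothing received, and later "reports of more nxt being returned". The Total Amount Recovered section of this revision still reads "There do not appear to have been any funds recovered in this case." Suggest placing a source for the returned amount next to that sentence, or softening it to match the quotes, and reconciling Total Amount Recovered in the same edit. The sentence "This type of trade worked because the hacker has a lot of difficulty" also mixes tenses; "had" would read correctly.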
Line 86: Line 38:
|BTER announces that they are not rolling back the chain as they have a lot of information on the hacker<ref>[https://x.com/btercom/status/500301278027608064 BTER - "We have decided not to rollback but get the stolen funds back from the hacker since we have got lots of information of him." - Twitter] (Accessed Sep 19, 2024)</ref>.
|BTER announces that they are not rolling back the chain as they have a lot of information on the hacker<ref>[https://x.com/btercom/status/500301278027608064 BTER - "We have decided not to rollback but get the stolen funds back from the hacker since we have got lots of information of him." - Twitter] (Accessed Sep 19, 2024)</ref>.
|}
|}
== Technical Details ==
The BTER trading platform held 5% of the NXT tokens in existence online on their managed server environment, without using a multi-sig wallet.


== Total Amount Lost ==
== Total Amount Lost ==
The total amount lost has been estimated at $1,650,000 USD.
The total amount lost has been estimated at $1,650,000 USD.


How much was lost and how was it calculated? If there are conflicting reports, which are accurate and where does the discrepancy lie?
== Immediate Reactions ==
"Someone hacked Bter's NXT central account and stole 50m NXT. We are working with the dev for a plan. We will keep you updated."
 
"It's totally our fault and we are trying our best to cover all the loss. However, 50m nxt is huge for us, we cannot afford it at the moment."
 
 
“BTER is reporting that 50m NXT, or roughly $1.65m at press time, has been stolen from its exchange following an attack on one of its hosting servers. A developer representing the China-based digital currency exchange platform confirmed the news on the community information website NXT Forum, suggesting that the BTER team was considering urging the NXT community to roll back the NXT block chain to recover the lost funds.”
 
 
"This is by far the largest hack that has ever happened in NXT’s history. Although it was entirely down to BTER’s lack of security, NXT as an economic system has started bleeding. Indeed, the hack concerns over 5% of the total money supply."


== Immediate Reactions ==
"[D]evelopers created an alternative version of the NXT client so people could choose to forge on the rollback fork if they wished. Some downloaded it and started forging."
How did the various parties involved (firm, platform, management, and/or affected individual(s)) deal with the events? Were services shut down? Were announcements made? Were groups formed?
 
 
"The BTER representative suggested that the exchange is exploring all options, including contacting the NXT development team in an effort to rollback the block chain, thereby restoring the ledger to its state before the theft occurred." "BTER briefly considered retrieving the stolen funds by rolling back the NXT blockchain, but the exchange eventually decided against pursuing that course of action, since they were able to obtain “lots of information” on the hacker."


== Ultimate Outcome ==
== Ultimate Outcome ==
What was the end result? Was any investigation done? Were any individuals prosecuted? Was there a lawsuit? Was any tracing done?
 
=== Failure Of Forking The Blockchain ===
The attempt to fork the NXT blockchain failed, with the largest holders not agreeing to the fork, despite the value at stake. In the end, even the BTER exchange came on board to keeping the original version of the blockchain intact.
 
"[T]he big NXT holders, some of whom had had a lot of NXT on BTER, decided not to forge on that fork, believing that protecting the NXT blockchain was more important than trying to recover funds in a way that would kill NXT value in the mid and long term. The Proof of Stake system worked like a census democracy: those who had the most to lose had more power to decide and the NXT blockchain was protected – at the cost of 51 million NXT."
 
"We have decided not to rollback but get the stolen funds back from the hacker since we have got lots of information of him."
 
=== Negotiation Of NXT Fund Return ===
"According to CoinDesk, the exchange was eventually able to negotiate a partial return of the stolen funds."  "The hacker sent a ransom message through the Blockchain, demanding bitcoins in exchange for the stolen nxt. BTER negotiated and sent 10 BTC in exchange for five million nxt. The hacker then became impatient- and hostile."
 
“So, what taking so long? Send me the next batch already. I’m going to leave soon. It’s already 2 hours of negotiation, it took me 1 hour to clean your whole exchanger. BTC 500+ I’m not going to sit here, and wait 2 more hours for you to decide to send the lousy 10 BTC.”
 
"BTER sent another 100 BTC for the remaining Nxt but received nothing in return as the hacker went silent. 3 options were on the table: offer more BTC to the hacker, a 310 BTC bounty for hunting him down, or implement a fork/rollback."
 
"Several hours ago, there were reports of more nxt being returned to BTER."
 
=== BTER Platform Reopening ===
"Although [BTER] had a rocky start to 2015 with a severe security breach, they have gradually reopened markets and have dealt with the situation in a professional manner."


== Total Amount Recovered ==
== Total Amount Recovered ==
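Review bot: The new "BTER Platform Reopening" subsection rests on a quote about "a rocky start to 2015 with a severe security breach", while the key event timeline for this case dates the theft announcement to August 15th, 2014. Placed under Ultimate Outcome, the quote reads as the resolution of the NXT theft, yet its wording points to a breach in early 2015. Suggest confirming which incident the source describes and either adding that context beside the quote or removing it from this section.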
Line 104: Line 88:


== Ongoing Developments ==
== Ongoing Developments ==
What parts of this case are still remaining to be concluded?
 
=== Inside Job Speculations ===
"The convoluted series of events, including the hacker’s willingness to negotiate after the decision not to fork, have led some to speculate that it was an inside job."
== General Prevention Policies ==
== General Prevention Policies ==
The BTER platform stored funds on a managed server, which was connected to the internet. This qualifies as a hot wallet. In addition, no multi-sig was set up, so a single point of failure existed. This hack could have been avoided through setting up a multi-signature wallet which was stored offline. By multi-sig, this means that independent people hold the keys. By offline, this means that the private keys are not stored on any server or other internet-connected device.
The BTER platform stored funds on a managed server, which was connected to the internet. This qualifies as a hot wallet. In addition, no multi-sig was set up, so a single point of failure existed. This hack could have been avoided through setting up a multi-signature wallet which was stored offline. By multi-sig, this means that independent people hold the keys. By offline, this means that the private keys are not stored on any server or other internet-connected device.

Revision as of 15:57, 26 September 2024

Notice: This page is a new case study and some aspects have not been fully researched. Some sections may be incomplete or reflect inaccuracies present in initial sources. Please check the References at the bottom for further information and perform your own additional assessment. Please feel free to contribute by adding any missing information or sources you come across. If you are new here, please read General Tutorial on Wikis or Anatomy of a Case Study for help getting started.

Notice: This page contains sources which are not attributed to any text. The unattributed sources follow the initial description. Please assist by visiting each source, reviewing the content, and placing that reference next to any text it can be used to support. Feel free to add any information that you come across which isn't present already. Sources which don't contain any relevant information can be removed. Broken links can be replaced with versions from the Internet Archive. See General Tutorial on Wikis, Anatomy of a Case Study, and/or Citing Your Sources Guide for additional information. Thanks for your help!

BTER Logo/Homepage

BTER was a Chinese trading platform for blockchain assets, which was established in 2012. The BTER trading platform held 5% of the NXT tokens in existence online on their managed server environment, without using a multi-sig wallet. A hacker managed to break into the platform and steal the funds. BTER attempted to negotiate a chain split. However, the majority of NXT nodes opposed the split and it did not proceed. BTER attempted to negotiate with the hacker. This was successful, with the hacker returning most of the funds in exchange for a smaller amount of bitcoin. This type of trade worked because the hacker had a lot of difficulty selling stolen NXT tokens, while bitcoin is much more liquid. Ultimately, the BTER platform continued to operate, and it appears they honoured the losses of affected users.

[1][2][3][4][5][6][7][8][9][10][11][12]

About BTER

"Bter is a Chinese Blockchain Assets Trading Platform established in 2012 by Jinan Manwei Information Technology co., Ltd." "BTER is another of the hybrid fiat to crypto and crypto to crypto exchanges." "The objective of the exchange is to provide safe, efficient and honest services of cryptocurrency trading. BTER is another of the hybrid fiat to crypto and crypto to crypto exchanges."

"Bter is one of the few exchanges working also with fiat money, in this case it is us dollars and Chinese yuan. Trading on the exchange is carried out in 100 cryptocurrencies. This platform is protected by SSL certificate, Web application Firewall, manual confirmation of withdrawal, as well as two-stage authentication with one-time passwords Google. Most of the funds in the system are stored in cold wallets."

The Reality

This section is included if a case involved deception or information that was unknown at the time. Examples include:

  • When the service was actually started (if different than the "official story").
  • Who actually ran a service and their own personal history.
  • How the service was structured behind the scenes. (For example, there was no "trading bot".)
  • Details of what audits reported and how vulnerabilities were missed during auditing.

What Happened

The specific events of the loss and how it came about. What actually happened to cause the loss and some of the events leading up to it.

Key Event Timeline - BTER NXT Token Theft
Date | Event | Description
August 15th, 2014 2:33:00 AM MDT | Hack Announced On Twitter | The BTER exchange announces the theft on Twitter[13].
August 15th, 2014 7:49:00 AM MDT | CoinDesk Article Published | CoinDesk publishes an article on the incident[2].
August 15th, 2014 9:21:00 AM MDT | Rollback Plan Cancelled | BTER announces that they are not rolling back the chain as they have a lot of information on the hacker[14].

Technical Details

The BTER trading platform held 5% of the NXT tokens in existence online on their managed server environment, without using a multi-sig wallet.

Total Amount Lost

The total amount lost has been estimated at $1,650,000 USD.

Immediate Reactions

"Someone hacked Bter's NXT central account and stole 50m NXT. We are working with the dev for a plan. We will keep you updated."

"It's totally our fault and we are trying our best to cover all the loss. However, 50m nxt is huge for us, we cannot afford it at the moment."


“BTER is reporting that 50m NXT, or roughly $1.65m at press time, has been stolen from its exchange following an attack on one of its hosting servers. A developer representing the China-based digital currency exchange platform confirmed the news on the community information website NXT Forum, suggesting that the BTER team was considering urging the NXT community to roll back the NXT block chain to recover the lost funds.”


"This is by far the largest hack that has ever happened in NXT’s history. Although it was entirely down to BTER’s lack of security, NXT as an economic system has started bleeding. Indeed, the hack concerns over 5% of the total money supply."

"[D]evelopers created an alternative version of the NXT client so people could choose to forge on the rollback fork if they wished. Some downloaded it and started forging."


"The BTER representative suggested that the exchange is exploring all options, including contacting the NXT development team in an effort to rollback the block chain, thereby restoring the ledger to its state before the theft occurred." "BTER briefly considered retrieving the stolen funds by rolling back the NXT blockchain, but the exchange eventually decided against pursuing that course of action, since they were able to obtain “lots of information” on the hacker."

Ultimate Outcome

Failure Of Forking The Blockchain

The attempt to fork the NXT blockchain failed, with the largest holders not agreeing to the fork, despite the value at stake. In the end, even the BTER exchange came on board to keeping the original version of the blockchain intact.

"[T]he big NXT holders, some of whom had had a lot of NXT on BTER, decided not to forge on that fork, believing that protecting the NXT blockchain was more important than trying to recover funds in a way that would kill NXT value in the mid and long term. The Proof of Stake system worked like a census democracy: those who had the most to lose had more power to decide and the NXT blockchain was protected – at the cost of 51 million NXT."

"We have decided not to rollback but get the stolen funds back from the hacker since we have got lots of information of him."

Negotiation Of NXT Fund Return

"According to CoinDesk, the exchange was eventually able to negotiate a partial return of the stolen funds." "The hacker sent a ransom message through the Blockchain, demanding bitcoins in exchange for the stolen nxt. BTER negotiated and sent 10 BTC in exchange for five million nxt. The hacker then became impatient- and hostile."

“So, what taking so long? Send me the next batch already. I’m going to leave soon. It’s already 2 hours of negotiation, it took me 1 hour to clean your whole exchanger. BTC 500+ I’m not going to sit here, and wait 2 more hours for you to decide to send the lousy 10 BTC.”

"BTER sent another 100 BTC for the remaining Nxt but received nothing in return as the hacker went silent. 3 options were on the table: offer more BTC to the hacker, a 310 BTC bounty for hunting him down, or implement a fork/rollback."

"Several hours ago, there were reports of more nxt being returned to BTER."

BTER Platform Reopening

"Although [BTER] had a rocky start to 2015 with a severe security breach, they have gradually reopened markets and have dealt with the situation in a professional manner."

Total Amount Recovered

There do not appear to have been any funds recovered in this case.

What funds were recovered? What funds were reimbursed for those affected users?

Ongoing Developments

Inside Job Speculations

"The convoluted series of events, including the hacker’s willingness to negotiate after the decision not to fork, have led some to speculate that it was an inside job."

General Prevention Policies

The BTER platform stored funds on a managed server, which was connected to the internet. This qualifies as a hot wallet. In addition, no multi-sig was set up, so a single point of failure existed. This hack could have been avoided through setting up a multi-signature wallet which was stored offline. By multi-sig, this means that independent people hold the keys. By offline, this means that the private keys are not stored on any server or other internet-connected device.

Individual Prevention Policies

No specific policies for individual prevention have yet been identified in this case.

For the full list of how to protect your funds as an individual, check our Prevention Policies for Individuals guide.

Platform Prevention Policies

Policies for platforms to take to prevent this situation have not yet been selected in this case.

For the full list of how to protect your funds as a financial service, check our Prevention Policies for Platforms guide.

Regulatory Prevention Policies

No specific regulatory policies have yet been identified in this case.

For the full list of regulatory policies that can prevent loss, check our Prevention Policies for Regulators guide.

References