BTER NXT Token Theft: Difference between revisions

From Quadriga Initiative Cryptocurrency Hacks, Scams, and Frauds Repository
(Created page with "{{Imported Case Study|source=https://www.quadrigainitiative.com/casestudy/bternxttokentheft.php}} thumb|BTERThe BTER trading platform held 5% of the NXT tokens in existence online on their managed server environment, without using a multi-sig wallet. A hacker managed to break into the platform and steal the funds. The first thing which BTER attempted was to negotiate a chain split. However, the majority of NXT nodes opposed the split and it did not pr...")
 
(COMPLETE 30 minutes. Updated initial construction template. Added a much improved introduction to the case. Updated the image used. Performed a full review of all information, and moved information from the about section of the case moved into other sections. Completed the prevention section for all 3 actors. Prepared a promotion on Twitter for the case.)
 
(5 intermediate revisions by the same user not shown)
Line 1: Line 1:
{{Imported Case Study|source=https://www.quadrigainitiative.com/casestudy/bternxttokentheft.php}}
{{Case Study Under Construction}}{{Unattributed Sources}}


[[File:Bter.jpg|thumb|BTER]]The BTER trading platform held 5% of the NXT tokens in existence online on their managed server environment, without using a multi-sig wallet. A hacker managed to break into the platform and steal the funds.
[[File:Btercom.jpg|thumb|BTER Logo/Homepage]]BTER was a Chinese trading platform for blockchain assets, which was established in 2012. The BTER trading platform held 5% of the NXT tokens in existence online on their managed server environment, without using a multi-sig wallet. A hacker managed to break into the platform and steal the funds. BTER attempted to negotiate a chain split. However, the majority of NXT nodes opposed the split and it did not proceed. BTER attempted to negotiate with the hacker. This was successful, with the hacker returning most of the funds in exchange for a smaller amount of bitcoin. This type of trade worked because the hacker has a lot of difficulty selling stolen NXT tokens, while bitcoin is much more liquid. Ultimately, the BTER platform continued to operate, and it appears they honoured the losses of affected users.


The first thing which BTER attempted was to negotiate a chain split. However, the majority of NXT nodes opposed the split and it did not proceed.
<ref name="coiniq-2326" /><ref name="coindesk-2325" /><ref name="coindesk-3043" /><ref name="bitcoinist-3044" /><ref name="reddit-3045" /><ref name="financemagnates-3046" /><ref name="thehackernews-3047" /><ref name="bitcoinwiki-2327" /><ref name="slowmisthacked-1160" /><ref>https://nxtforum.org/news-and-announcements/forgers-have-been-faced-with-a-choice/ </ref><ref>https://web.archive.org/web/20140818084659/https://www.mynxt.info/blockexplorer/details.php?action=ac&ac=1244396688755618309</ref><ref>https://www.reddit.com/r/Bitcoin/comments/2ds5ty/btercom_saved_from_insolvency_hacker_returns/</ref>


The next thing which BTER attempted was to negotiate with the hacker. This was successful, with the hacker returning most funds, in exchange for a smaller amount of bitcoin. This type of trade works well because the hacker has a lot of difficulty selling stolen NXT tokens, while bitcoin is much more liquid.
== About BTER ==
"Bter is a Chinese Blockchain Assets Trading Platform established in 2012 by Jinan Manwei Information Technology co., Ltd." "BTER is another of the hybrid fiat to crypto and crypto to crypto exchanges." "The objective of the exchange is to provide safe, efficient and honest services of cryptocurrency trading. BTER is another of the hybrid fiat to crypto and crypto to crypto exchanges."


Ultimately the BTER platform continued to operate, and it appears they honoured the losses of affected users.
"Bter is one of the few exchanges working also with fiat money, in this case it is us dollars and Chinese yuan. Trading on the exchange is carried out in 100 cryptocurrencies. This platform is protected by SSL certificate, Web application Firewall, manual confirmation of withdrawal, as well as two-stage authentication with one-time passwords Google. Most of the funds in the system are stored in cold wallets."


This exchange or platform is based in China, or the incident targeted people primarily in China.
== The Reality ==
The BTER trading platform held 5% of the NXT tokens in existence online on their managed server environment, without using a multi-sig wallet.


== About BTER ==
== What Happened ==
"Bter is a Chinese Blockchain Assets Trading Platform established in 2012 by Jinan Manwei Information Technology co., Ltd." "BTER is another of the hybrid fiat to crypto and crypto to crypto exchanges." "The objective of the exchange is to provide safe, efficient and honest services of cryptocurrency trading. BTER is another of the hybrid fiat to crypto and crypto to crypto exchanges. Although they had a rocky start to 2015 with a severe security breach, they have gradually reopened markets and have dealt with the situation in a professional manner."
A hacker was ultimately able to gain access to the NXT funds in the hot wallet.
{| class="wikitable"
|+Key Event Timeline - BTER NXT Token Theft
!Date
!Event
!Description
|-
|August 15th, 2014 2:33:00 AM MDT
|Hack Announced On Twitter
|The BTER exchange announces about the theft on Twitter<ref>[https://x.com/btercom/status/500198658701135873 BTER - "Someone hacked Bter's NXT central account and stole 50m NXT. We are working with the dev for a plan. We will keep you updated." - Twitter] (Accessed Sep 19, 2024)</ref>.
|-
|August 15th, 2014 7:49:00 AM MDT
|CoinDesk Article Published
|CoinDesk publishes an article on the incident<ref name="coindesk-2325" />.
|-
|August 15th, 2014 9:21:00 AM MDT
|Rollback Plan Cancelled
|BTER announces that they are not rolling back the chain as they have a lot of information on the hacker<ref>[https://x.com/btercom/status/500301278027608064 BTER - "We have decided not to rollback but get the stolen funds back from the hacker since we have got lots of information of him." - Twitter] (Accessed Sep 19, 2024)</ref>.
|}


"Bter is one of the few exchanges working also with fiat money, in this case it is us dollars and Chinese yuan. Trading on the exchange is carried out in 100 cryptocurrencies. This platform is protected by SSL certificate, Web application Firewall, manual confirmation of withdrawal, as well as two-stage authentication with one-time passwords Google. Most of the funds in the system are stored in cold wallets."
== Technical Details ==
The BTER trading platform held 5% of the NXT tokens in existence online on their managed server environment, without using a multi-sig wallet.


“BTER is reporting that 50m NXT, or roughly $1.65m at press time, has been stolen from its exchange following an attack on one of its hosting servers. A developer representing the China-based digital currency exchange platform confirmed the news on the community information website NXT Forum, suggesting that the BTER team was considering urging the NXT community to roll back the NXT block chain to recover the lost funds.
== Total Amount Lost ==
The total amount lost has been estimated at $1,650,000 USD.


== Immediate Reactions ==
"Someone hacked Bter's NXT central account and stole 50m NXT. We are working with the dev for a plan. We will keep you updated."
"Someone hacked Bter's NXT central account and stole 50m NXT. We are working with the dev for a plan. We will keep you updated."
"This is by far the largest hack that has ever happened in NXT’s history. Although it was entirely down to BTER’s lack of security, NXT as an economic system has started bleeding. Indeed, the hack concerns over 5% of the total money supply."
"[D]evelopers created an alternative version of the NXT client so people could choose to forge on the rollback fork if they wished. Some downloaded it and started forging. But the big NXT holders, some of whom had had a lot of NXT on BTER, decided not to forge on that fork, believing that protecting the NXT blockchain was more important than trying to recover funds in a way that would kill NXT value in the mid and long term. The Proof of Stake system worked like a census democracy: those who had the most to lose had more power to decide and the NXT blockchain was protected – at the cost of 51 million NXT."


"It's totally our fault and we are trying our best to cover all the loss. However, 50m nxt is huge for us, we cannot afford it at the moment."
"It's totally our fault and we are trying our best to cover all the loss. However, 50m nxt is huge for us, we cannot afford it at the moment."


"The BTER representative suggested that the exchange is exploring all options, including contacting the NXT development team in an effort to rollback the block chain, thereby restoring the ledger to its state before the theft occurred." "BTER briefly considered retrieving the stolen funds by rolling back the NXT blockchain, but the exchange eventually decided against pursuing that course of action, since they were able to obtain “lots of information” on the hacker."


"We have decided not to rollback but get the stolen funds back from the hacker since we have got lots of information of him."


"According to CoinDesk, the exchange was eventually able to negotiate a partial return of the stolen funds."  "The hacker sent a ransom message through the Blockchain, demanding bitcoins in exchange for the stolen nxt. BTER negotiated and sent 10 BTC in exchange for five million nxt. The hacker then became impatient- and hostile."
“BTER is reporting that 50m NXT, or roughly $1.65m at press time, has been stolen from its exchange following an attack on one of its hosting servers. A developer representing the China-based digital currency exchange platform confirmed the news on the community information website NXT Forum, suggesting that the BTER team was considering urging the NXT community to roll back the NXT block chain to recover the lost funds.


“So, what taking so long? Send me the next batch already. I’m going to leave soon. It’s already 2 hours of negotiation, it took me 1 hour to clean your whole exchanger. BTC 500+ I’m not going to sit here, and wait 2 more hours for you to decide to send the lousy 10 BTC.”


"BTER sent another 100 BTC for the remaining Nxt but received nothing in return as the hacker went silent. 3 options were on the table: offer more BTC to the hacker, a 310 BTC bounty for hunting him down, or implement a fork/rollback." "Several hours ago, there were reports of more nxt being returned to BTER."


"The convoluted series of events, including the hacker’s willingness to negotiate after the decision not to fork, have led some to speculate that it was an inside job."
"This is by far the largest hack that has ever happened in NXT’s history. Although it was entirely down to BTER’s lack of security, NXT as an economic system has started bleeding. Indeed, the hack concerns over 5% of the total money supply."


This exchange or platform is based in China, or the incident targeted people primarily in China.
"[D]evelopers created an alternative version of the NXT client so people could choose to forge on the rollback fork if they wished. Some downloaded it and started forging."


The background of the exchange platform, service, or individuals involved, as it would have been seen or understood at the time of the events.
"The BTER representative suggested that the exchange is exploring all options, including contacting the NXT development team in an effort to rollback the block chain, thereby restoring the ledger to its state before the theft occurred." "BTER briefly considered retrieving the stolen funds by rolling back the NXT blockchain, but the exchange eventually decided against pursuing that course of action, since they were able to obtain “lots of information” on the hacker."


Include:
== Ultimate Outcome ==


* Known history of when and how the service was started.
=== Failure Of Forking The Blockchain ===
* What problems does the company or service claim to solve?
The attempt to fork the NXT blockchain failed, with the largest holders not agreeing to the fork, despite the value at stake. In the end, even the BTER exchange came on board to keeping the original version of the blockchain intact.
* What marketing materials were used by the firm or business?
* Audits performed, and excerpts that may have been included.
* Business registration documents shown (fake or legitimate).
* How were people recruited to participate?
* Public warnings and announcements prior to the event.


Don't Include:
"[T]he big NXT holders, some of whom had had a lot of NXT on BTER, decided not to forge on that fork, believing that protecting the NXT blockchain was more important than trying to recover funds in a way that would kill NXT value in the mid and long term. The Proof of Stake system worked like a census democracy: those who had the most to lose had more power to decide and the NXT blockchain was protected – at the cost of 51 million NXT."


* Any wording which directly states or implies that the business is/was illegitimate, or that a vulnerability existed.
"We have decided not to rollback but get the stolen funds back from the hacker since we have got lots of information of him."
* Anything that wasn't reasonably knowable at the time of the event.
There could be more than one section here. If the same platform is involved with multiple incidents, then it can be linked to a main article page.


== The Reality ==
=== Negotiation Of NXT Fund Return ===
This sections is included if a case involved deception or information that was unknown at the time. Examples include:
"According to CoinDesk, the exchange was eventually able to negotiate a partial return of the stolen funds."  "The hacker sent a ransom message through the Blockchain, demanding bitcoins in exchange for the stolen nxt. BTER negotiated and sent 10 BTC in exchange for five million nxt. The hacker then became impatient- and hostile."


* When the service was actually started (if different than the "official story").
“So, what taking so long? Send me the next batch already. I’m going to leave soon. It’s already 2 hours of negotiation, it took me 1 hour to clean your whole exchanger. BTC 500+ I’m not going to sit here, and wait 2 more hours for you to decide to send the lousy 10 BTC.
* Who actually ran a service and their own personal history.
* How the service was structured behind the scenes. (For example, there was no "trading bot".)
* Details of what audits reported and how vulnerabilities were missed during auditing.


== What Happened ==
"BTER sent another 100 BTC for the remaining Nxt but received nothing in return as the hacker went silent. 3 options were on the table: offer more BTC to the hacker, a 310 BTC bounty for hunting him down, or implement a fork/rollback."
The specific events of the loss and how it came about. What actually happened to cause the loss and some of the events leading up to it.
{| class="wikitable"
|+Key Event Timeline - BTER NXT Token Theft
!Date
!Event
!Description
|-
|August 15th, 2014 12:00:00 AM
|First Event
|This is an expanded description of what happened and the impact. If multiple lines are necessary, add them here.
|-
|
|
|
|-
|
|
|
|}


== Total Amount Lost ==
"Several hours ago, there were reports of more nxt being returned to BTER."
The total amount lost is unknown.


How much was lost and how was it calculated? If there are conflicting reports, which are accurate and where does the discrepancy lie?
=== BTER Platform Reopening ===
 
"Although [BTER] had a rocky start to 2015 with a severe security breach, they have gradually reopened markets and have dealt with the situation in a professional manner."
== Immediate Reactions ==
How did the various parties involved (firm, platform, management, and/or affected individual(s)) deal with the events? Were services shut down? Were announcements made? Were groups formed?
 
== Ultimate Outcome ==
What was the end result? Was any investigation done? Were any individuals prosecuted? Was there a lawsuit? Was any tracing done?


== Total Amount Recovered ==
== Total Amount Recovered ==
It is unknown how much was recovered.
The BTER platform was able to negotiate with the hacker to return most of the funds in exchange for bitcoin.
 
What funds were recovered? What funds were reimbursed for those affected users?


== Ongoing Developments ==
== Ongoing Developments ==
What parts of this case are still remaining to be concluded?


== Prevention Policies ==
=== Inside Job Speculations ===
"The convoluted series of events, including the hacker’s willingness to negotiate after the decision not to fork, have led some to speculate that it was an inside job."
== General Prevention Policies ==
The BTER platform stored funds on a managed server, which was connected to the internet. This qualifies as a hot wallet. In addition, no multi-sig was set up, so a single point of failure existed. This hack could have been avoided through setting up a multi-signature wallet which was stored offline. By multi-sig, this means that independent people hold the keys. By offline, this means that the private keys are not stored on any server or other internet-connected device.
The BTER platform stored funds on a managed server, which was connected to the internet. This qualifies as a hot wallet. In addition, no multi-sig was set up, so a single point of failure existed. This hack could have been avoided through setting up a multi-signature wallet which was stored offline. By multi-sig, this means that independent people hold the keys. By offline, this means that the private keys are not stored on any server or other internet-connected device.
== Individual Prevention Policies ==
{{Prevention:Individuals:Avoid Third Party Custodians}}
{{Prevention:Individuals:Store Funds Offline}}


== References ==
{{Prevention:Individuals:End}}
[https://coiniq.com/cryptocurrency-exchange-hacks/ 30+ Cryptocurrency Exchange Hacks - A Comprehensive List] (Aug 8)


[https://www.coindesk.com/bter-nxt-bitcoin-exchange-hack/ Hackers Steal $1.65 Million in NXT from BTER Exchange] (Aug 8)
== Platform Prevention Policies ==
{{Prevention:Platforms:Implement Multi-Signature}}


[https://www.coindesk.com/markets/2014/08/15/hackers-steal-165-million-in-nxt-from-bter-exchange/ Hackers Steal $1.65 Million in NXT from BTER Exchange] (Sep 17)
{{Prevention:Platforms:Regular Audit Procedures}}


[https://bitcoinist.com/bter-hacked-nxt-pos-at-work/ BTER Hacked, NXT PoS at work | Bitcoinist.com] (Sep 17)
{{Prevention:Platforms:Establish Industry Insurance Fund}}


[https://www.reddit.com/r/Bitcoin/comments/2ds5ty/btercom_saved_from_insolvency_hacker_returns/ BTER.com saved from insolvency. Hacker returns funds in undisclosed deal. (USD ~1.5 M returned) : Bitcoin] (Sep 17)
{{Prevention:Platforms:End}}


[https://www.financemagnates.com/cryptocurrency/news/nxt-gains-upper-hand-after-1-65m-worth-of-nxt-stolen-from-bter/ Nxt gains upper hand after $1.65m worth of Nxt stolen from BTER | Finance Magnates] (Sep 17)
== Regulatory Prevention Policies ==
{{Prevention:Regulators:Platform Security Assessments}}


[https://thehackernews.com/2015/02/bter-bitcoin-exchange-hacked.html $1.75 Million in Bitcoin Stolen from Chinese BTER Bitcoin Exchange] (Sep 17)
{{Prevention:Regulators:Establish Industry Insurance Fund}}


[https://en.bitcoinwiki.org/wiki/BTER BTER Exchange: Fees, Review, Coins - BitcoinWiki] (Aug 8)
{{Prevention:Regulators:End}}


[https://hacked.slowmist.io/en/?c=Exchange SlowMist Hacked - SlowMist Zone] (Jun 25)
== References ==
<references>
<ref name="coiniq-2326">[https://coiniq.com/cryptocurrency-exchange-hacks/ 30+ Cryptocurrency Exchange Hacks - A Comprehensive List] (Aug 9, 2021)</ref>
<ref name="coindesk-2325">[https://www.coindesk.com/bter-nxt-bitcoin-exchange-hack/ Hackers Steal $1.65 Million in NXT from BTER Exchange - CoinDesk] (Accessed Aug 9, 2021)</ref>
<ref name="coindesk-3043">[https://www.coindesk.com/markets/2014/08/15/hackers-steal-165-million-in-nxt-from-bter-exchange/ Hackers Steal $1.65 Million in NXT from BTER Exchange] (Sep 18, 2021)</ref>
<ref name="bitcoinist-3044">[https://bitcoinist.com/bter-hacked-nxt-pos-at-work/ BTER Hacked, NXT PoS at work | Bitcoinist.com] (Sep 18, 2021)</ref>
<ref name="reddit-3045">[https://www.reddit.com/r/Bitcoin/comments/2ds5ty/btercom_saved_from_insolvency_hacker_returns/ BTER.com saved from insolvency. Hacker returns funds in undisclosed deal. (USD ~1.5 M returned) : Bitcoin] (Sep 18, 2021)</ref>
<ref name="financemagnates-3046">[https://www.financemagnates.com/cryptocurrency/news/nxt-gains-upper-hand-after-1-65m-worth-of-nxt-stolen-from-bter/ Nxt gains upper hand after $1.65m worth of Nxt stolen from BTER | Finance Magnates] (Sep 18, 2021)</ref>
<ref name="thehackernews-3047">[https://thehackernews.com/2015/02/bter-bitcoin-exchange-hacked.html $1.75 Million in Bitcoin Stolen from Chinese BTER Bitcoin Exchange] (Sep 18, 2021)</ref>
<ref name="bitcoinwiki-2327">[https://en.bitcoinwiki.org/wiki/BTER BTER Exchange: Fees, Review, Coins - BitcoinWiki] (Aug 9, 2021)</ref>
<ref name="slowmisthacked-1160">[https://hacked.slowmist.io/en/?c=Exchange SlowMist Hacked - SlowMist Zone] (Jun 26, 2021)</ref>
</references>
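
Review bot: The new "BTER Platform Reopening" subsection under Ultimate Outcome quotes a source describing "a rocky start to 2015 with a severe security breach", but the timeline added in this same revision dates the NXT theft to August 15th, 2014, and the reference whose URL is dated 2015/02 is titled "$1.75 Million in Bitcoin Stolen from Chinese BTER Bitcoin Exchange". The quote reads as describing a separate, later incident. Suggest either moving it to that incident's page or stating in the subsection that it refers to a later breach, so readers do not take it as the outcome of the NXT theft.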

Latest revision as of 18:12, 26 September 2024

Notice: This page is a new case study and some aspects have not been fully researched. Some sections may be incomplete or reflect inaccuracies present in initial sources. Please check the References at the bottom for further information and perform your own additional assessment. Please feel free to contribute by adding any missing information or sources you come across. If you are new here, please read General Tutorial on Wikis or Anatomy of a Case Study for help getting started.

Notice: This page contains sources which are not attributed to any text. The unattributed sources follow the initial description. Please assist by visiting each source, reviewing the content, and placing that reference next to any text it can be used to support. Feel free to add any information that you come across which isn't present already. Sources which don't contain any relevant information can be removed. Broken links can be replaced with versions from the Internet Archive. See General Tutorial on Wikis, Anatomy of a Case Study, and/or Citing Your Sources Guide for additional information. Thanks for your help!

BTER Logo/Homepage

BTER was a Chinese trading platform for blockchain assets, which was established in 2012. The BTER trading platform held 5% of the NXT tokens in existence online on their managed server environment, without using a multi-sig wallet. A hacker managed to break into the platform and steal the funds. BTER attempted to negotiate a chain split. However, the majority of NXT nodes opposed the split and it did not proceed. BTER attempted to negotiate with the hacker. This was successful, with the hacker returning most of the funds in exchange for a smaller amount of bitcoin. This type of trade worked because the hacker had a lot of difficulty selling stolen NXT tokens, while bitcoin is much more liquid. Ultimately, the BTER platform continued to operate, and it appears they honoured the losses of affected users.

[1][2][3][4][5][6][7][8][9][10][11][12]

About BTER

"Bter is a Chinese Blockchain Assets Trading Platform established in 2012 by Jinan Manwei Information Technology co., Ltd." "BTER is another of the hybrid fiat to crypto and crypto to crypto exchanges." "The objective of the exchange is to provide safe, efficient and honest services of cryptocurrency trading. BTER is another of the hybrid fiat to crypto and crypto to crypto exchanges."

"Bter is one of the few exchanges working also with fiat money, in this case it is us dollars and Chinese yuan. Trading on the exchange is carried out in 100 cryptocurrencies. This platform is protected by SSL certificate, Web application Firewall, manual confirmation of withdrawal, as well as two-stage authentication with one-time passwords Google. Most of the funds in the system are stored in cold wallets."

The Reality

The BTER trading platform held 5% of the NXT tokens in existence online on their managed server environment, without using a multi-sig wallet.

What Happened

A hacker was ultimately able to gain access to the NXT funds in the hot wallet.

Key Event Timeline - BTER NXT Token Theft
Date | Event | Description
August 15th, 2014 2:33:00 AM MDT | Hack Announced On Twitter | The BTER exchange announces the theft on Twitter[13].
August 15th, 2014 7:49:00 AM MDT | CoinDesk Article Published | CoinDesk publishes an article on the incident[2].
August 15th, 2014 9:21:00 AM MDT | Rollback Plan Cancelled | BTER announces that they are not rolling back the chain as they have a lot of information on the hacker[14].

Technical Details

The BTER trading platform held 5% of the NXT tokens in existence online on their managed server environment, without using a multi-sig wallet.

Total Amount Lost

The total amount lost has been estimated at $1,650,000 USD.

Immediate Reactions

"Someone hacked Bter's NXT central account and stole 50m NXT. We are working with the dev for a plan. We will keep you updated."

"It's totally our fault and we are trying our best to cover all the loss. However, 50m nxt is huge for us, we cannot afford it at the moment."


“BTER is reporting that 50m NXT, or roughly $1.65m at press time, has been stolen from its exchange following an attack on one of its hosting servers. A developer representing the China-based digital currency exchange platform confirmed the news on the community information website NXT Forum, suggesting that the BTER team was considering urging the NXT community to roll back the NXT block chain to recover the lost funds.”


"This is by far the largest hack that has ever happened in NXT’s history. Although it was entirely down to BTER’s lack of security, NXT as an economic system has started bleeding. Indeed, the hack concerns over 5% of the total money supply."

"[D]evelopers created an alternative version of the NXT client so people could choose to forge on the rollback fork if they wished. Some downloaded it and started forging."

"The BTER representative suggested that the exchange is exploring all options, including contacting the NXT development team in an effort to rollback the block chain, thereby restoring the ledger to its state before the theft occurred." "BTER briefly considered retrieving the stolen funds by rolling back the NXT blockchain, but the exchange eventually decided against pursuing that course of action, since they were able to obtain “lots of information” on the hacker."

Ultimate Outcome

Failure Of Forking The Blockchain

The attempt to fork the NXT blockchain failed, with the largest holders not agreeing to the fork, despite the value at stake. In the end, even the BTER exchange came on board with keeping the original version of the blockchain intact.

"[T]he big NXT holders, some of whom had had a lot of NXT on BTER, decided not to forge on that fork, believing that protecting the NXT blockchain was more important than trying to recover funds in a way that would kill NXT value in the mid and long term. The Proof of Stake system worked like a census democracy: those who had the most to lose had more power to decide and the NXT blockchain was protected – at the cost of 51 million NXT."

"We have decided not to rollback but get the stolen funds back from the hacker since we have got lots of information of him."

Negotiation Of NXT Fund Return

"According to CoinDesk, the exchange was eventually able to negotiate a partial return of the stolen funds." "The hacker sent a ransom message through the Blockchain, demanding bitcoins in exchange for the stolen nxt. BTER negotiated and sent 10 BTC in exchange for five million nxt. The hacker then became impatient- and hostile."

“So, what taking so long? Send me the next batch already. I’m going to leave soon. It’s already 2 hours of negotiation, it took me 1 hour to clean your whole exchanger. BTC 500+ I’m not going to sit here, and wait 2 more hours for you to decide to send the lousy 10 BTC.”

"BTER sent another 100 BTC for the remaining Nxt but received nothing in return as the hacker went silent. 3 options were on the table: offer more BTC to the hacker, a 310 BTC bounty for hunting him down, or implement a fork/rollback."

"Several hours ago, there were reports of more nxt being returned to BTER."

BTER Platform Reopening

"Although [BTER] had a rocky start to 2015 with a severe security breach, they have gradually reopened markets and have dealt with the situation in a professional manner."

Total Amount Recovered

The BTER platform was able to negotiate with the hacker to return most of the funds in exchange for bitcoin.

Ongoing Developments

Inside Job Speculations

"The convoluted series of events, including the hacker’s willingness to negotiate after the decision not to fork, have led some to speculate that it was an inside job."

General Prevention Policies

The BTER platform stored funds on a managed server, which was connected to the internet. This qualifies as a hot wallet. In addition, no multi-sig was set up, so a single point of failure existed. This hack could have been avoided by setting up a multi-signature wallet which was stored offline. Multi-sig here means that independent people hold the keys. Offline means that the private keys are not stored on any server or other internet-connected device.

Individual Prevention Policies

When using any third party custodial platform (such as for trading), it is important to verify that the platform has a full backing of all assets, and that assets have been secured in a proper multi-signature wallet held by several trusted and trained individuals. If this can't be validated, then users should avoid using that platform. Unfortunately, most centralized platforms today still do not provide the level of transparency and third party validation which would be necessary to ensure that assets have been kept secure and properly backed. Therefore, the most effective strategy at present remains to learn proper self custody practices and avoid using any third party custodial platforms whenever possible.

Store the majority of funds offline. Offline means that the private key and/or seed phrase is exclusively held by you and not connected to any networked device. Examples of offline storage include paper wallets (seed phrase or key written down and deleted from all electronic media), hardware wallets, steel wallet devices, etc.

For the full list of how to protect your funds as an individual, check our Prevention Policies for Individuals guide.

Platform Prevention Policies

All wallets, minting functions, and critical infrastructure should be implemented with a multi-signature requirement, with a recommended minimum of 3 signatures required. This means that making important changes or approving spending will require the keys held by at least 3 separate individuals within the organization to approve. The multi-signature should be implemented at the lowest layer possible, all key holders should have security training, and all key holders should be empowered and encouraged to exercise diligence.

All aspects of any platform should undergo a regular validation/inspection by experts. This validation should include a security audit of any smart contracts, reporting any risks to the backing of any customer assets, ensuring treasuries or minting functions are properly secured under the control of a multi-signature wallet, and finding any inadequacies in the level of training or integrity of the team. The recommended interval is twice prior to launch or significant system upgrade, once after 3 months, and every 6 months thereafter. It is recommended that the third party performing the inspection not be repeated within a 14 month period.

Work with other industry platforms to set up a multi-signature wallet with private keys held separately by delegate signatories from seven prominent platforms and services within the industry. Establish requirements for contributions by all platforms and services, designed to be affordable for small platforms yet large enough to cover anticipated breach events. Any breach event can be brought forth by a member platform or a petition of 100 signatures for consideration by the delegate signatories. A vote of 4 or more delegate signatures is required to release any funds, which could partially or fully restore lost funds based on their assessment.

For the full list of how to protect your funds as a financial service, check our Prevention Policies for Platforms guide.

Regulatory Prevention Policies

All platforms should undergo published security and risk assessments by independent third parties. Two assessments are required at founding or major upgrade, one after 3 months, and one every 6 months thereafter. The same third party must not be repeated within a 14 month period. A risk assessment needs to include what assets back customer deposits and the risk of default from any third parties being lent to. The security assessment must include ensuring a proper multi-signature wallet, and that all signatories are properly trained. Assessments must be performed on social media, databases, and DNS security.

Set up a multi-signature wallet with private keys held separately by delegate signatories from seven prominent platforms and services within the industry. Establish requirements for contributions by all platforms and services within the country, designed to be affordable for small platforms yet large enough to cover anticipated breach events. Any breach event can be brought forth by a member platform or a petition of 100 signatures for consideration by the delegate signatories. A vote of 4 or more delegate signatures is required to release any funds, which could partially or fully restore lost funds based on their assessment.

For the full list of regulatory policies that can prevent loss, check our Prevention Policies for Regulators guide.

References