Bitrue Hot Wallet Breach: Difference between revisions

From Quadriga Initiative Cryptocurrency Hacks, Scams, and Frauds Repository
No edit summary
No edit summary
 
Line 1: Line 1:
{{Imported Case Study|source=https://www.quadrigainitiative.com/casestudy/bitruehotwalletbreach.php}}
{{Imported Case Study 2|source=https://www.quadrigainitiative.com/casestudy/bitruehotwalletbreach.php}}
{{Unattributed Citations}}
{{Unattributed Sources}}


[[File:Bitrue.jpg|thumb|Bitrue]]Singapore-based cryptocurrency exchange Bitrue was another exchange which suffered a hot wallet breach, apparently managing to bypass the review process of their Risk Control team. Bitrue has notified that all customers will be fully refunded and reportedly improved security significantly. A large portion of the lost funds were successfully frozen and returned through other platforms Huobi, Bittrex and ChangeNOW.
[[File:Bitrue.jpg|thumb|Bitrue]]Singapore-based cryptocurrency exchange Bitrue was another exchange which suffered a hot wallet breach, apparently managing to bypass the review process of their Risk Control team. Bitrue has notified that all customers will be fully refunded and reportedly improved security significantly. A large portion of the lost funds were successfully frozen and returned through other platforms Huobi, Bittrex and ChangeNOW.
Line 6: Line 6:
Last year, Bitrue set up hot wallet insurance with published addresses and balances. However, the assets in the fund are Ripple (currently undergoing a SEC litigation in the US) and Bitrue's own BTR token. It's entirely possible for a hack to coincide with challenges accessing the liquidity of these funds.
Last year, Bitrue set up hot wallet insurance with published addresses and balances. However, the assets in the fund are Ripple (currently undergoing a SEC litigation in the US) and Bitrue's own BTR token. It's entirely possible for a hack to coincide with challenges accessing the liquidity of these funds.


This exchange or platform is based in Singapore, or the incident targeted people primarily in Singapore.
This exchange or platform is based in Singapore, or the incident targeted people primarily in Singapore.<ref name="coindesk-29" /><ref name="businessinsider-89" /><ref name="cointelegraph-130" /><ref name="slowmisthacked-1160" /><ref name="cryptoxdirectory-2276" /><ref name="bitrueofficialtwitter-3592" /><ref name="bitrueofficialtwitter-3593" /><ref name="bitrue-3594" /><ref name="bitrue-3595" /><ref name="coindesk-4380" /><ref name="bitruezendesk-4381" /><ref name="bitruezendesk-4382" /><ref name="livenet-4383" /><ref name="altcoinbuzz-4384" /><ref name="pymnts-4385" /><ref name="bitrueofficialtwitter-4386" /><ref name="bithomp-4387" /><ref name="bitrueofficialtwitter-4388" /><ref name="beincrypto-4389" /><ref name="ccn-4390" /><ref name="bitruemedium-4391" /><ref name="selfkey-4392" /><ref name="yahoomovies-4393" /><ref name="zdnet-4394" /><ref name="thenextweb-4395" /><ref name="bitrueofficialtwitter-4396" /><ref name="bravenewcoin-4397" /><ref name="changenowiotwitter-8454" />
<ref name="coindesk-29" /><ref name="businessinsider-89" /><ref name="cointelegraph-130" /><ref name="slowmisthacked-1160" /><ref name="cryptoxdirectory-2276" /><ref name="bitrueofficialtwitter-3592" /><ref name="bitrueofficialtwitter-3593" /><ref name="bitrue-3594" /><ref name="bitrue-3595" /><ref name="coindesk-4380" /><ref name="bitruezendesk-4381" /><ref name="bitruezendesk-4382" /><ref name="livenet-4383" /><ref name="altcoinbuzz-4384" /><ref name="pymnts-4385" /><ref name="bitrueofficialtwitter-4386" /><ref name="bithomp-4387" /><ref name="bitrueofficialtwitter-4388" /><ref name="beincrypto-4389" /><ref name="ccn-4390" /><ref name="bitruemedium-4391" /><ref name="selfkey-4392" /><ref name="yahoomovies-4393" /><ref name="zdnet-4394" /><ref name="thenextweb-4395" /><ref name="bitrueofficialtwitter-4396" /><ref name="bravenewcoin-4397" /><ref name="changenowiotwitter-8454" />


== About Bitrue ==
== About Bitrue ==
Line 93: Line 92:
!Description
!Description
|-
|-
|June 16th, 2019 12:00:00 AM
|June 16th, 2019
|Main Event
|Main Event
|Expand this into a brief description of what happened and the impact. If multiple lines are necessary, add them here.
|Expand this into a brief description of what happened and the impact. If multiple lines are necessary, add them here.
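Review bot: the Main Event row still dates the breach June 16th, 2019 after the time component is dropped, while the account quoted on this page puts it at "approximately 1am June 27 (GMT+8)". Reconcile the date with the cited sources, and replace the "Expand this into a brief description..." placeholder in the same row with the actual event summary.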
Line 101: Line 100:
|
|
|}
|}
== Technical Details ==
This section includes specific detailed technical analysis of any security breaches which happened. What specific software vulnerabilities contributed to the problem and how were they exploited?


== Total Amount Lost ==
== Total Amount Lost ==
Line 120: Line 122:
== Ongoing Developments ==
== Ongoing Developments ==
What parts of this case are still remaining to be concluded?
What parts of this case are still remaining to be concluded?
== General Prevention Policies ==
If it can’t be put in a proper offline multi-signature wallet, it can’t be depended upon to stay intact. Bitrue has now implemented a form of self-insurance on their assets, which should help significantly. One way to improve that system would be to have the insurance in a currency which is highly liquid, not tied to their platform, and not the subject of ongoing litigation with the SEC.
== Individual Prevention Policies ==
{{Prevention:Individuals:Placeholder}}
{{Prevention:Individuals:End}}
== Platform Prevention Policies ==
{{Prevention:Platforms:Placeholder}}
{{Prevention:Platforms:End}}
== Regulatory Prevention Policies ==
{{Prevention:Regulators:Placeholder}}


== Prevention Policies ==
{{Prevention:Regulators:End}}
If it can’t be put in a proper offline multi-signature wallet, it can’t be depended upon to stay intact. Bitrue has now implemented a form of self-insurance on their assets, which should help significantly. One way to improve that system would be to have the insurance in a currency which is highly liquid, not tied to their platform, and not the subject of ongoing litigation with the SEC.


== References ==
== References ==
<references><ref name="coindesk-29">[https://www.coindesk.com/upbit-is-the-sixth-major-crypto-exchange-hack-of-2019 Upbit Is the Seventh Major Crypto Exchange Hack of 2019 - CoinDesk] (Feb 3, 2020)</ref>
<references><ref name="coindesk-29">[https://www.coindesk.com/upbit-is-the-sixth-major-crypto-exchange-hack-of-2019 Upbit Is the Seventh Major Crypto Exchange Hack of 2019 - CoinDesk] (Feb 4, 2020)</ref>


<ref name="businessinsider-89">[https://www.businessinsider.com/the-biggest-cryptocurrency-scams-and-arrests-of-2019-so-far-2019-8 The biggest cryptocurrency scams and arrests of 2019 - Business Insider] (Feb 14, 2020)</ref>
<ref name="businessinsider-89">[https://www.businessinsider.com/the-biggest-cryptocurrency-scams-and-arrests-of-2019-so-far-2019-8 The biggest cryptocurrency scams and arrests of 2019 - Business Insider] (Feb 15, 2020)</ref>


<ref name="cointelegraph-130">[https://cointelegraph.com/news/most-significant-hacks-of-2019-new-record-of-twelve-in-one-year Most Significant Hacks of 2019 — New Record of Twelve in One Year] (Feb 22, 2020)</ref>
<ref name="cointelegraph-130">[https://cointelegraph.com/news/most-significant-hacks-of-2019-new-record-of-twelve-in-one-year Most Significant Hacks of 2019 — New Record of Twelve in One Year] (Feb 23, 2020)</ref>


<ref name="slowmisthacked-1160">[https://hacked.slowmist.io/en/?c=Exchange SlowMist Hacked - SlowMist Zone] (Jun 25, 2021)</ref>
<ref name="slowmisthacked-1160">[https://hacked.slowmist.io/en/?c=Exchange SlowMist Hacked - SlowMist Zone] (Jun 26, 2021)</ref>


<ref name="cryptoxdirectory-2276">[https://cryptoxdirectory.com/hacked_2019 The 23 exchange hacks of 2019] (Aug 7, 2021)</ref>
<ref name="cryptoxdirectory-2276">[https://cryptoxdirectory.com/hacked_2019 The 23 exchange hacks of 2019] (Aug 8, 2021)</ref>


<ref name="bitrueofficialtwitter-3592">[https://twitter.com/BitrueOfficial/status/1100945910513557509 @BitrueOfficial Twitter] (Sep 28, 2021)</ref>
<ref name="bitrueofficialtwitter-3592">[https://twitter.com/BitrueOfficial/status/1100945910513557509 @BitrueOfficial Twitter] (Sep 29, 2021)</ref>


<ref name="bitrueofficialtwitter-3593">[https://twitter.com/BitrueOfficial/status/1100254551834189824 @BitrueOfficial Twitter] (Sep 28, 2021)</ref>
<ref name="bitrueofficialtwitter-3593">[https://twitter.com/BitrueOfficial/status/1100254551834189824 @BitrueOfficial Twitter] (Sep 29, 2021)</ref>


<ref name="bitrue-3594">[https://www.bitrue.com/ Bitrue - Leading Digital Assets Exchange] (Sep 14, 2021)</ref>
<ref name="bitrue-3594">[https://www.bitrue.com/ Bitrue - Leading Digital Assets Exchange] (Sep 15, 2021)</ref>


<ref name="bitrue-3595">[https://www.bitrue.com/exchange-web/footer/aboutus.html About Us] (Sep 14, 2021)</ref>
<ref name="bitrue-3595">[https://www.bitrue.com/exchange-web/footer/aboutus.html About Us] (Sep 15, 2021)</ref>


<ref name="coindesk-4380">[https://www.coindesk.com/markets/2019/06/27/singapore-exchange-bitrue-hacked-for-over-4-million-in-crypto/ Singapore Exchange Bitrue Hacked for Over $4 Million in Crypto - CoinDesk] (Dec 12, 2021)</ref>
<ref name="coindesk-4380">[https://www.coindesk.com/markets/2019/06/27/singapore-exchange-bitrue-hacked-for-over-4-million-in-crypto/ Singapore Exchange Bitrue Hacked for Over $4 Million in Crypto - CoinDesk] (Dec 12, 2021)</ref>
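Review bot: in the reference list every access date moves forward by one day (coindesk-29 from Feb 3, 2020 to Feb 4, 2020, businessinsider-89 from Feb 14 to Feb 15, and so on) except coindesk-4380, which stays at Dec 12, 2021. That pattern looks like a time-zone conversion on re-import rather than a new retrieval, so confirm which set of dates is correct before keeping the change. In the same hunk the General Prevention Policies text is carried over unchanged while the three new sections hold only Placeholder templates; consider moving the multi-signature and insurance-liquidity points under Platform Prevention Policies.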

Latest revision as of 13:21, 1 May 2023

Notice: This page is a freshly imported case study from the original repository. The original content was in a different format, and may not have relevant information for all sections. Please help restructure the content by moving information from the 'About' and 'General Prevention' sections to other sections, and add any missing information or sources you can find. If you are new here, please read General Tutorial on Wikis or Anatomy of a Case Study for help getting started.

Notice: This page contains sources which are not attributed to any text. The unattributed sources follow the initial description. Please assist by visiting each source, reviewing the content, and placing that reference next to any text it can be used to support. Feel free to add any information that you come across which isn't present already. Sources which don't contain any relevant information can be removed. Broken links can be replaced with versions from the Internet Archive. See General Tutorial on Wikis, Anatomy of a Case Study, and/or Citing Your Sources Guide for additional information. Thanks for your help!

Bitrue

Singapore-based cryptocurrency exchange Bitrue was another exchange which suffered a hot wallet breach, with the attacker apparently managing to bypass the review process of its Risk Control team. Bitrue has announced that all customers will be fully refunded and has reportedly improved security significantly. A large portion of the lost funds was successfully frozen and returned through other platforms: Huobi, Bittrex and ChangeNOW.

Last year, Bitrue set up hot wallet insurance with published addresses and balances. However, the assets in the fund are Ripple (currently the subject of SEC litigation in the US) and Bitrue's own BTR token. It's entirely possible for a hack to coincide with difficulty accessing the liquidity of these funds.

This exchange or platform is based in Singapore, or the incident targeted people primarily in Singapore.[1][2][3][4][5][6][7][8][9][10][11][12][13][14][15][16][17][18][19][20][21][22][23][24][25][26][27][28]

About Bitrue

"Bitrue is the most secure and advanced online platform for buying, selling, transferring, and storing digital currency." "Bitrue exchange is established by a group of blockchain enthusiasts and focus on cryptocurrency trading. We [are] dedicate[d] to providing safe and convenient service for cryptocurrency trading, and being the best aggregator of qualified cryptocurrency all over the world." "We have offices in US, Europe and Asia Pacific. We make our collective knowledge, experience and global network available to our users."

"At approximately 1am June 27 (GMT+8), a hacker exploited a vulnerability in Bitrue's Risk Control team's 2nd review process to access the personal funds of about 90 Bitrue users. The hacker used what they learned from this breach to then access the Bitrue hot wallet and move 9.3 million XRP and 2.5 million ADA to different exchanges."

"[H]ackers stole $4.5 million in personal funds from 90 users of Singapore-based cryptocurrency exchange Bitrue. They accessed Bitrue’s hot wallet, which is connected to the internet and is easily accessible, unlike a cold wallet, which is stored offline and therefore cannot be hacked." "Bitrue further detailed that 9.3 million XRP, worth $4.01 million, and 2.5 million cardano (ADA), worth $231,800, had been accessed and transferred off its platform." "According to the release, the breach affected just 90 users, each of which had an average of $50,000 stolen from their wallets."

"Bitrue’s first action was to shut down all activity on the platform." "The website’s homepage was replaced with a message saying Bitrue is currently undergoing “scheduled maintenance.”" "Bitrue is being applauded by the crypto community for its swift, professional response to the incident. The exchange promptly detected the attack and immediately responded to the security breach to mitigate the loss of further funds."

"According to the Bitrue team, 100 percent of lost funds will be returned to users and it is working to ensure that a similar security breach does not happen in the future." "[P]lease let us assure you that this situation is under control, 100% of lost funds will be returned to users, and we are reviewing our security measures and policies to ensure this does not happen again."

"The hacker quickly sent those funds to different exchanges." "Bitrue conducted an analysis of the hacker’s activity and was able to determine which exchanges the funds were being sent to." "Luckily all transactions were visible on the blockchain and Bitrue teamed up with Huobi, Bittrex, and ChangeNOW to freeze the addresses that received the coins." "Bitrue is working with the Huobi, Bittrex and ChangeNOW exchanges and says they have frozen funds and accounts associated with the hack."

"The attack was soon detected, and activity was temporarily suspended on Bitrue. We alerted the receiving exchanges about the situation, and wish to extend our thanks to @HuobiGlobal, @BittrexExchange and @ChangeNOW_io for their help in freezing the affected funds and accounts."

"Right now we are conducting an emergency inspection of the exchange and hope to be live again as soon as possible with log in & trading functionality. Withdrawals will be offline for a slightly longer period while we continue investigating the situation."

"Bitrue is now working with authorities in Singapore to help track down the hackers and potentially recover the stolen funds where possible." "We have also contacted the relevant authorities in Singapore to assist us in tracking down the culprit and retrieving the stolen funds. We will update everyone when we have more news to share."

"The team also released a funds tracker, allowing users to track the movement of stolen XRP." "The flow of the stolen funds can be tracked [on the XRP blockchain]. If you have any information about this breach, please contact us at support@bitrue.com or DM us on twitter, @BitrueOfficial"

"@Exmo_Com have let us know that they were also able to freeze some of the funds that the hackers took, and we will work together to recover them. Thank you so much for your help EXMO!"

"Bitrue said it is conducting an emergency inspection of its systems and aims to be up and running normally again "as soon as possible."" "The team says they will be up and running in no time."

"While Bitrue is communicating openly about the hack, it originally confused users after it announced it would be performing unscheduled “temporary maintenance,” that would last “about 15-18 hours.”" "Please note that at the time, due to uncertainty about the current situation, we stated that the exchange was going down for some unplanned maintenance. We apologize for this miscommunication with our users." "Once again, I want to assure everybody that their personal funds are insured, and anybody affected by this breach will have their funds replaced by us as soon as possible."

"We're happy to announce that log in & trading services are live again on Bitrue. Additionally, any user accounts that were affected by the breach have had their assets replaced, as per the Bitrue insurance policy. Thank you so much to everyone who has supported us."

"If you deposited funds during the downtime, they will not arrive until our deposit function is back online. This will happen alongside withdrawals coming back online, which will be within 3 working days. We'll update with more info when we can."

"We are going to make sure that deposits are available at the time that BTR trading goes live. If need be, this means that we will push the launch of BTR trading back slightly. We'll work hard to avoid this happening, but we want everyone to know that it is a possibility."

"Since the hack occurred, both Ripple and Cardano have witnessed significant losses, with both cryptocurrencies down more than 10% in the last 24 hours, alongside the cryptocurrency market in general. As it stands, it doesn’t appear that the hack is directly responsible for the recent crash."

"Huobi, Bittrex and ChangeNOW froze the funds on their exchanges, totaling approximately $1.35 million. This frozen amount should be recoverable by Bitrue in the future after working with the authorities and exchanges."

"After recovering the frozen assets, the net loss to Bitrue will be $3.15 million USD. This total includes $1.89 million USD lost from individual user accounts, and $1.26 million USD lost from Bitrue’s own hot wallet. The funds lost by user accounts were insured and were replaced from Bitrue’s own wallet."

"Withdrawal and deposit services were down for longer, but came back online early on July 4. Full service took a little longer than expected — we add XRP to accounts by scanning the XRP ledger for funds sent to our wallet. When Bitrue came back up we had to scan every block since the time that we went down until now. All 165,000 blocks that were created during the downtime have now been scanned & users have been credited."
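
The catch-up scan described in the quote above, sketched as an added example that is not Bitrue's code: a scanner resumes from its last checkpointed ledger, refuses to skip gaps, and credits each deposit exactly once. The wallet address, the use of destination tags to identify user accounts, and the sample ledgers are assumptions constructed for illustration; the dicts are only shaped like XRP Ledger JSON.

```python
# Added illustration, not Bitrue's code. All data below is constructed.
EXCHANGE_WALLET = "rEXAMPLE_EXCHANGE_WALLET"  # placeholder, not a real address


def new_state(last_ledger):
    """Scanner checkpoint; a real service would persist this in a database."""
    return {"last_ledger": last_ledger, "seen": set(),
            "balances": {}, "unmatched": []}


def delivered_drops(tx, wallet):
    """Drops actually delivered to `wallet`, or None if tx is not creditable."""
    if tx.get("TransactionType") != "Payment" or tx.get("Destination") != wallet:
        return None
    meta = tx.get("meta", {})
    if meta.get("TransactionResult") != "tesSUCCESS":
        return None  # failed transactions are recorded in ledgers too
    # Credit meta.delivered_amount, never Amount: a partial payment can
    # deliver far less than Amount states. XRP is a string of drops;
    # issued currencies are objects and are not credited here.
    amount = meta.get("delivered_amount")
    return int(amount) if isinstance(amount, str) and amount.isdigit() else None


def credit_deposits(ledgers, state, wallet=EXCHANGE_WALLET):
    """Scan ledgers after the checkpoint; return how many deposits were credited."""
    credited = 0
    for ledger in sorted(ledgers, key=lambda l: l["ledger_index"]):
        index = ledger["ledger_index"]
        if index <= state["last_ledger"]:
            continue  # already processed before the outage
        if index != state["last_ledger"] + 1:
            raise ValueError(f"ledger gap before {index}; refusing to skip")
        for tx in ledger["transactions"]:
            drops = delivered_drops(tx, wallet)
            if drops is None or tx["hash"] in state["seen"]:
                continue
            state["seen"].add(tx["hash"])  # idempotency key
            tag = tx.get("DestinationTag")
            if tag is None:
                state["unmatched"].append(tx["hash"])  # hold for manual review
                continue
            state["balances"][tag] = state["balances"].get(tag, 0) + drops
            credited += 1
        state["last_ledger"] = index  # advance only after the whole ledger
    return credited


def _pay(letter, dest, tag, amount, delivered, result="tesSUCCESS"):
    """Build one constructed Payment transaction."""
    tx = {"hash": letter * 64, "TransactionType": "Payment", "Destination": dest,
          "Amount": amount, "meta": {"TransactionResult": result}}
    if tag is not None:
        tx["DestinationTag"] = tag
    if delivered is not None:
        tx["meta"]["delivered_amount"] = delivered
    return tx


# Constructed ledgers 101-104, standing in for blocks created during downtime.
SAMPLE_LEDGERS = [
    {"ledger_index": 101, "transactions": [
        _pay("A", EXCHANGE_WALLET, 7, "5000000", "5000000")]},
    {"ledger_index": 102, "transactions": [
        _pay("B", EXCHANGE_WALLET, 7, "900000000", "1000000"),  # partial payment
        _pay("C", EXCHANGE_WALLET, 9, "2000000", None, "tecUNFUNDED_PAYMENT")]},
    {"ledger_index": 103, "transactions": [
        _pay("D", "rSOMEONE_ELSE", 7, "4000000", "4000000"),
        _pay("E", EXCHANGE_WALLET, None, "3000000", "3000000")]},  # no tag
    {"ledger_index": 104, "transactions": []},
]

if __name__ == "__main__":
    state = new_state(last_ledger=100)
    print(credit_deposits(SAMPLE_LEDGERS, state), state["balances"])
```

Re-running the scan over an overlapping range credits nothing, because both the checkpoint and the seen-hash set block a second credit.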

"After working around the clock we are pleased to say that deposits and withdrawals are online in Bitrue in time for BTR trading to go live!"

"We are going to phase out the existing API keys for our API users on July 5 11:00 (GMT+8), as an extra security measure. Users will be able to apply for new API keys afterwards."

"To improve the transparency of our operations and increase the level of trust in our exchange, we are currently building a new multi-sig secure wallet which will contain our insurance fund. This insurance fund will contain within it an amount of assets that exceeds the value of the coins that remain within our hot wallets at any one time. In the unlikely event of a security breach resulting in user funds being taken from our hot wallets, users will be reimbursed using this insurance fund."

"As we previously promised, we have now finished establishing our new wallets containing our insurance funds. These new wallets are multi-sig and contain within them an amount of assets that exceeds the value of the coins that remain within our hot wallets at any one time. In the unlikely event of a security breach resulting in user funds being taken from our hot wallets, users will be reimbursed using this insurance fund. We are the first exchange to keep these addresses open for public viewing, as we believe full transparency is the best way for our users to build faith in us."

This exchange or platform is based in Singapore, or the incident targeted people primarily in Singapore.

The background of the exchange platform, service, or individuals involved, as it would have been seen or understood at the time of the events.

Include:

  • Known history of when and how the service was started.
  • What problems does the company or service claim to solve?
  • What marketing materials were used by the firm or business?
  • Audits performed, and excerpts that may have been included.
  • Business registration documents shown (fake or legitimate).
  • How were people recruited to participate?
  • Public warnings and announcements prior to the event.

Don't Include:

  • Any wording which directly states or implies that the business is/was illegitimate, or that a vulnerability existed.
  • Anything that wasn't reasonably knowable at the time of the event.

There could be more than one section here. If the same platform is involved with multiple incidents, then it can be linked to a main article page.

The Reality

This section is included if a case involved deception or information that was unknown at the time. Examples include:

  • When the service was actually started (if different than the "official story").
  • Who actually ran a service and their own personal history.
  • How the service was structured behind the scenes. (For example, there was no "trading bot".)
  • Details of what audits reported and how vulnerabilities were missed during auditing.

What Happened

The specific events of the loss and how it came about. What actually happened to cause the loss and some of the events leading up to it.

Key Event Timeline - Bitrue Hot Wallet Breach

Date | Event | Description
June 16th, 2019 | Main Event | Expand this into a brief description of what happened and the impact. If multiple lines are necessary, add them here.

Technical Details

This section includes specific detailed technical analysis of any security breaches which happened. What specific software vulnerabilities contributed to the problem and how were they exploited?

Total Amount Lost

The total amount lost has been estimated at $4,500,000 USD.

How much was lost and how was it calculated? If there are conflicting reports, which are accurate and where does the discrepancy lie?

Immediate Reactions

How did the various parties involved (firm, platform, management, and/or affected individual(s)) deal with the events? Were services shut down? Were announcements made? Were groups formed?

Ultimate Outcome

What was the end result? Was any investigation done? Were any individuals prosecuted? Was there a lawsuit? Was any tracing done?

Total Amount Recovered

The total amount recovered has been estimated at $1,350,000 USD.

What funds were recovered? What funds were reimbursed for those affected users?

Ongoing Developments

What parts of this case are still remaining to be concluded?

General Prevention Policies

If it can’t be put in a proper offline multi-signature wallet, it can’t be depended upon to stay intact. Bitrue has now implemented a form of self-insurance on their assets, which should help significantly. One way to improve that system would be to have the insurance in a currency which is highly liquid, not tied to their platform, and not the subject of ongoing litigation with the SEC.

Individual Prevention Policies

No specific policies for individual prevention have yet been identified in this case.

For the full list of how to protect your funds as an individual, check our Prevention Policies for Individuals guide.

Platform Prevention Policies

Policies for platforms to take to prevent this situation have not yet been selected in this case.

For the full list of how to protect your funds as a financial service, check our Prevention Policies for Platforms guide.

Regulatory Prevention Policies

No specific regulatory policies have yet been identified in this case.

For the full list of regulatory policies that can prevent loss, check our Prevention Policies for Regulators guide.

References

  1. Upbit Is the Seventh Major Crypto Exchange Hack of 2019 - CoinDesk (Feb 4, 2020)
  2. The biggest cryptocurrency scams and arrests of 2019 - Business Insider (Feb 15, 2020)
  3. Most Significant Hacks of 2019 — New Record of Twelve in One Year (Feb 23, 2020)
  4. SlowMist Hacked - SlowMist Zone (Jun 26, 2021)
  5. The 23 exchange hacks of 2019 (Aug 8, 2021)
  6. @BitrueOfficial Twitter (Sep 29, 2021)
  7. @BitrueOfficial Twitter (Sep 29, 2021)
  8. Bitrue - Leading Digital Assets Exchange (Sep 15, 2021)
  9. About Us (Sep 15, 2021)
  10. Singapore Exchange Bitrue Hacked for Over $4 Million in Crypto - CoinDesk (Dec 12, 2021)
  11. https://bitrue.zendesk.com/hc/en-001/articles/360046727794 (Dec 12, 2021)
  12. https://bitrue.zendesk.com/hc/en-001/articles/360049715433-Bitrue-s-New-Insurance-Wallet-Is-Live (Dec 12, 2021)
  13. XRPL Explorer (Dec 12, 2021)
  14. https://www.altcoinbuzz.io/cryptocurrency-news/finance-and-funding/bitrue-hacked-for-4-2-million-in-xrp-and-ada-assets/ (Dec 12, 2021)
  15. https://www.pymnts.com/cryptocurrency/2019/major-crypto-hacks/ (Dec 12, 2021)
  16. @BitrueOfficial Twitter (Dec 12, 2021)
  17. rwSvajJ4ZNhjgzcfaJWkEuLh4VURTFHuka (Dec 12, 2021)
  18. @BitrueOfficial Twitter (Dec 12, 2021)
  19. Singapore-based Cryptocurrency Exchange Bitrue Hacked for $4.5 Million - BeInCrypto (Dec 12, 2021)
  20. https://www.ccn.com/hackers-steal-4-million-in-xrp-and-ada-from-singaporean-crypto-exchange-bitrue/ (Dec 12, 2021)
  21. Were Back Online Stronger Than Ever (Dec 12, 2021)
  22. A Comprehensive List of Cryptocurrency Exchange Hacks - SelfKey (Dec 12, 2021)
  23. Singapore Exchange Bitrue Hacked for Over $4 Million in Crypto (Dec 12, 2021)
  24. Hacker steals $4.5 million from Bitrue cryptocurrency exchange | ZDNet (Dec 12, 2021)
  25. Hackers breach cryptocurrency exchange Bitrue for $4.2M in Ripple and Cardano (Dec 12, 2021)
  26. @BitrueOfficial Twitter (Dec 12, 2021)
  27. Exchanges’ response to Bitrue hack shows maturing industry » Brave New Coin (Dec 12, 2021)
  28. @ChangeNOW_io Twitter (Jul 11, 2022)