HotBit Downtime and Privacy Breach: Difference between revisions

From Quadriga Initiative Cryptocurrency Hacks, Scams, and Frauds Repository
Jump to navigation Jump to search
No edit summary
No edit summary
 
Line 1: Line 1:
{{Imported Case Study|source=https://www.quadrigainitiative.com/casestudy/hotbitdowntimeandprivacybreach.php}}
{{Imported Case Study 2|source=https://www.quadrigainitiative.com/casestudy/hotbitdowntimeandprivacybreach.php}}
{{Unattributed Citations}}
{{Unattributed Sources}}


[[File:Hotbit.jpg|thumb|HotBit]]The Hotbit exchange was attacked, putting $14m in hot wallet assets at risk. In this case, the situation was lucky because the risk control system kicked in to prevent the theft and funds were moved to cold storage before the attacker could steal them.
[[File:Hotbit.jpg|thumb|HotBit]]The Hotbit exchange was attacked, putting $14m in hot wallet assets at risk. In this case, the situation was lucky because the risk control system kicked in to prevent the theft and funds were moved to cold storage before the attacker could steal them.


This exchange or platform is based in China, or the incident targeted people primarily in China.
This exchange or platform is based in China, or the incident targeted people primarily in China.<ref name="chainbulletin-2910" /><ref name="slowmisthacked-1160" /><ref name="hotbit-2911" /><ref name="hotbit-2912" /><ref name="firebounty-2913" /><ref name="hackenproof-2914" /><ref name="hotbitzendesk-2915" /><ref name="reddit-2916" /><ref name="newsdotbitcoin-2917" /><ref name="reddit-2918" /><ref name="cointelegraph-2919" /><ref name="hotbitnewstwitter-2920" /><ref name="hotbitnewstwitter-2921" /><ref name="hotbitnewstwitter-2922" /><ref name="hotbitnewstwitter-2923" /><ref name="hotbitnewstwitter-2924" /><ref name="hotbitnewstwitter-2925" /><ref name="hotbitnewstwitter-2926" /><ref name="hotbitnewstwitter-2927" /><ref name="hotbitnewstwitter-2928" /><ref name="hotbitnewstwitter-2929" /><ref name="hotbitnewstwitter-2930" /><ref name="hotbitnewstwitter-2931" /><ref name="hotbitnewstwitter-2932" /><ref name="hotbitnewstwitter-2933" /><ref name="hotbitnewstwitter-2934" /><ref name="hotbitnewstwitter-2935" /><ref name="hotbitnewstwitter-2936" /><ref name="hotbitnewstwitter-2937" /><ref name="hotbitzendesk-2938" /><ref name="latesthackingnews-2939" /><ref name="investingdotcom-2940" /><ref name="globalcryptopress-2941" />
<ref name="chainbulletin-2910" /><ref name="slowmisthacked-1160" /><ref name="hotbit-2911" /><ref name="hotbit-2912" /><ref name="firebounty-2913" /><ref name="hackenproof-2914" /><ref name="hotbitzendesk-2915" /><ref name="reddit-2916" /><ref name="newsdotbitcoin-2917" /><ref name="reddit-2918" /><ref name="cointelegraph-2919" /><ref name="hotbitnewstwitter-2920" /><ref name="hotbitnewstwitter-2921" /><ref name="hotbitnewstwitter-2922" /><ref name="hotbitnewstwitter-2923" /><ref name="hotbitnewstwitter-2924" /><ref name="hotbitnewstwitter-2925" /><ref name="hotbitnewstwitter-2926" /><ref name="hotbitnewstwitter-2927" /><ref name="hotbitnewstwitter-2928" /><ref name="hotbitnewstwitter-2929" /><ref name="hotbitnewstwitter-2930" /><ref name="hotbitnewstwitter-2931" /><ref name="hotbitnewstwitter-2932" /><ref name="hotbitnewstwitter-2933" /><ref name="hotbitnewstwitter-2934" /><ref name="hotbitnewstwitter-2935" /><ref name="hotbitnewstwitter-2936" /><ref name="hotbitnewstwitter-2937" /><ref name="hotbitzendesk-2938" /><ref name="latesthackingnews-2939" /><ref name="investingdotcom-2940" /><ref name="globalcryptopress-2941" />


== About HotBit ==
== About HotBit ==
Line 81: Line 80:
!Description
!Description
|-
|-
|April 29th, 2021 12:00:00 AM
|April 29th, 2021
|Main Event
|Main Event
|Expand this into a brief description of what happened and the impact. If multiple lines are necessary, add them here.
|Expand this into a brief description of what happened and the impact. If multiple lines are necessary, add them here.
Line 89: Line 88:
|
|
|}
|}
== Technical Details ==
This section includes specific detailed technical analysis of any security breaches which happened. What specific software vulnerabilities contributed to the problem and how were they exploited?


== Total Amount Lost ==
== Total Amount Lost ==
Line 108: Line 110:
== Ongoing Developments ==
== Ongoing Developments ==
What parts of this case are still remaining to be concluded?
What parts of this case are still remaining to be concluded?
== General Prevention Policies ==
No customer assets were lost in this case. This was a lucky case in which the automated systems performed as expected. Our framework does not yet include protections for customer information, however it seems that a better system would avoid exchanges needing to handle that personal information.
== Individual Prevention Policies ==
{{Prevention:Individuals:Placeholder}}
{{Prevention:Individuals:End}}
== Platform Prevention Policies ==
{{Prevention:Platforms:Placeholder}}
{{Prevention:Platforms:End}}
== Regulatory Prevention Policies ==
{{Prevention:Regulators:Placeholder}}


== Prevention Policies ==
{{Prevention:Regulators:End}}
No customer assets were lost in this case. This was a lucky case in which the automated systems performed as expected. Our framework does not yet include protections for customer information, however it seems that a better system would avoid exchanges needing to handle that personal information.


== References ==
== References ==
<references><ref name="chainbulletin-2910">[https://chainbulletin.com/hotbit-shuts-down-after-unsuccessful-hack-attempt/ Hotbit Shuts Down After Unsuccessful Hack Attempt - The Chain Bulletin] (Aug 2, 2021)</ref>
<references><ref name="chainbulletin-2910">[https://chainbulletin.com/hotbit-shuts-down-after-unsuccessful-hack-attempt/ Hotbit Shuts Down After Unsuccessful Hack Attempt - The Chain Bulletin] (Aug 3, 2021)</ref>


<ref name="slowmisthacked-1160">[https://hacked.slowmist.io/en/?c=Exchange SlowMist Hacked - SlowMist Zone] (Jun 25, 2021)</ref>
<ref name="slowmisthacked-1160">[https://hacked.slowmist.io/en/?c=Exchange SlowMist Hacked - SlowMist Zone] (Jun 26, 2021)</ref>


<ref name="hotbit-2911">[https://www.hotbit.io/ Hotbit-The World’s Leading Cryptocurrency Trading Platform, BTC Trading, ETH Trading, XRP Trading | Hotbit] (Aug 30, 2021)</ref>
<ref name="hotbit-2911">[https://www.hotbit.io/ Hotbit-The World’s Leading Cryptocurrency Trading Platform, BTC Trading, ETH Trading, XRP Trading | Hotbit] (Aug 31, 2021)</ref>


<ref name="hotbit-2912">[https://www.hotbit.io/about?page=aboutUs About Hotbit] (Aug 30, 2021)</ref>
<ref name="hotbit-2912">[https://www.hotbit.io/about?page=aboutUs About Hotbit] (Aug 31, 2021)</ref>


<ref name="firebounty-2913">[https://firebounty.com/11537-hotbit/ FireBounty Hotbit Vulnerability Disclosure Program] (Aug 31, 2021)</ref>
<ref name="firebounty-2913">[https://firebounty.com/11537-hotbit/ FireBounty Hotbit Vulnerability Disclosure Program] (Sep 1, 2021)</ref>


<ref name="hackenproof-2914">[https://hackenproof.com/hotbit/hotbit Bug Bounty Program For Hotbit | HackenProof] (Aug 31, 2021)</ref>
<ref name="hackenproof-2914">[https://hackenproof.com/hotbit/hotbit Bug Bounty Program For Hotbit | HackenProof] (Sep 1, 2021)</ref>


<ref name="hotbitzendesk-2915">[https://hotbit.zendesk.com/hc/en-us/articles/1500008915521-Hotbit-s-Announcement-on-Emergency-Maintenance Hotbit's Announcement on Emergency Maintenance] (Aug 31, 2021)</ref>
<ref name="hotbitzendesk-2915">[https://hotbit.zendesk.com/hc/en-us/articles/1500008915521-Hotbit-s-Announcement-on-Emergency-Maintenance Hotbit's Announcement on Emergency Maintenance] (Sep 1, 2021)</ref>


<ref name="reddit-2916">[https://www.reddit.com/r/CryptoCurrency/comments/n1u5p8/hotbit_just_suffered_a_serious_cyber_attack/ Hotbit just suffered a serious cyber attack : CryptoCurrency] (Aug 31, 2021)</ref>
<ref name="reddit-2916">[https://www.reddit.com/r/CryptoCurrency/comments/n1u5p8/hotbit_just_suffered_a_serious_cyber_attack/ Hotbit just suffered a serious cyber attack : CryptoCurrency] (Sep 1, 2021)</ref>


<ref name="newsdotbitcoin-2917">[https://news.bitcoin.com/cryptocurrency-exchange-hotbit-hacked-2-million-users/ Cryptocurrency Exchange Hotbit Hacked: Systems Paralyzed, 2 Million Users Affected – Exchanges Bitcoin News] (Aug 31, 2021)</ref>
<ref name="newsdotbitcoin-2917">[https://news.bitcoin.com/cryptocurrency-exchange-hotbit-hacked-2-million-users/ Cryptocurrency Exchange Hotbit Hacked: Systems Paralyzed, 2 Million Users Affected – Exchanges Bitcoin News] (Sep 1, 2021)</ref>


<ref name="reddit-2918">[https://www.reddit.com/r/Bitcoin/comments/n3b2td/hotbit_hacked_about_2_million_users/ HotBit hacked... about 2 million users affected...Cannot be stressed enough but do not store your crypto in an exchange. : Bitcoin] (Aug 31, 2021)</ref>
<ref name="reddit-2918">[https://www.reddit.com/r/Bitcoin/comments/n3b2td/hotbit_hacked_about_2_million_users/ HotBit hacked... about 2 million users affected...Cannot be stressed enough but do not store your crypto in an exchange. : Bitcoin] (Sep 1, 2021)</ref>


<ref name="cointelegraph-2919">[https://cointelegraph.com/news/hotbit-crypto-exchange-shuts-down-for-maintenance-after-attempted-hack Hotbit crypto exchange shuts down for maintenance after attempted hack] (Aug 31, 2021)</ref>
<ref name="cointelegraph-2919">[https://cointelegraph.com/news/hotbit-crypto-exchange-shuts-down-for-maintenance-after-attempted-hack Hotbit crypto exchange shuts down for maintenance after attempted hack] (Sep 1, 2021)</ref>


<ref name="hotbitnewstwitter-2920">[https://twitter.com/Hotbit_news/status/1387935638108864515 @Hotbit_news Twitter] (Aug 31, 2021)</ref>
<ref name="hotbitnewstwitter-2920">[https://twitter.com/Hotbit_news/status/1387935638108864515 @Hotbit_news Twitter] (Sep 1, 2021)</ref>


<ref name="hotbitnewstwitter-2921">[https://twitter.com/Hotbit_news/status/1388115394271932417 @Hotbit_news Twitter] (Aug 31, 2021)</ref>
<ref name="hotbitnewstwitter-2921">[https://twitter.com/Hotbit_news/status/1388115394271932417 @Hotbit_news Twitter] (Sep 1, 2021)</ref>


<ref name="hotbitnewstwitter-2922">[https://twitter.com/Hotbit_news/status/1388116454017359874 @Hotbit_news Twitter] (Aug 31, 2021)</ref>
<ref name="hotbitnewstwitter-2922">[https://twitter.com/Hotbit_news/status/1388116454017359874 @Hotbit_news Twitter] (Sep 1, 2021)</ref>


<ref name="hotbitnewstwitter-2923">[https://twitter.com/Hotbit_news/status/1388364452844609546 @Hotbit_news Twitter] (Aug 31, 2021)</ref>
<ref name="hotbitnewstwitter-2923">[https://twitter.com/Hotbit_news/status/1388364452844609546 @Hotbit_news Twitter] (Sep 1, 2021)</ref>


<ref name="hotbitnewstwitter-2924">[https://twitter.com/Hotbit_news/status/1388483561309687809 @Hotbit_news Twitter] (Aug 31, 2021)</ref>
<ref name="hotbitnewstwitter-2924">[https://twitter.com/Hotbit_news/status/1388483561309687809 @Hotbit_news Twitter] (Sep 1, 2021)</ref>


<ref name="hotbitnewstwitter-2925">[https://twitter.com/Hotbit_news/status/1388692307013083138 @Hotbit_news Twitter] (Aug 31, 2021)</ref>
<ref name="hotbitnewstwitter-2925">[https://twitter.com/Hotbit_news/status/1388692307013083138 @Hotbit_news Twitter] (Sep 1, 2021)</ref>


<ref name="hotbitnewstwitter-2926">[https://twitter.com/Hotbit_news/status/1388817674877038596 @Hotbit_news Twitter] (Aug 31, 2021)</ref>
<ref name="hotbitnewstwitter-2926">[https://twitter.com/Hotbit_news/status/1388817674877038596 @Hotbit_news Twitter] (Sep 1, 2021)</ref>


<ref name="hotbitnewstwitter-2927">[https://twitter.com/Hotbit_news/status/1388850188341547009 @Hotbit_news Twitter] (Aug 31, 2021)</ref>
<ref name="hotbitnewstwitter-2927">[https://twitter.com/Hotbit_news/status/1388850188341547009 @Hotbit_news Twitter] (Sep 1, 2021)</ref>


<ref name="hotbitnewstwitter-2928">[https://twitter.com/Hotbit_news/status/1389049466125099008 @Hotbit_news Twitter] (Aug 31, 2021)</ref>
<ref name="hotbitnewstwitter-2928">[https://twitter.com/Hotbit_news/status/1389049466125099008 @Hotbit_news Twitter] (Sep 1, 2021)</ref>


<ref name="hotbitnewstwitter-2929">[https://twitter.com/Hotbit_news/status/1389862767822196739 @Hotbit_news Twitter] (Aug 31, 2021)</ref>
<ref name="hotbitnewstwitter-2929">[https://twitter.com/Hotbit_news/status/1389862767822196739 @Hotbit_news Twitter] (Sep 1, 2021)</ref>


<ref name="hotbitnewstwitter-2930">[https://twitter.com/Hotbit_news/status/1389945480751112196 @Hotbit_news Twitter] (Aug 31, 2021)</ref>
<ref name="hotbitnewstwitter-2930">[https://twitter.com/Hotbit_news/status/1389945480751112196 @Hotbit_news Twitter] (Sep 1, 2021)</ref>


<ref name="hotbitnewstwitter-2931">[https://twitter.com/Hotbit_news/status/1390885517038788609 @Hotbit_news Twitter] (Aug 31, 2021)</ref>
<ref name="hotbitnewstwitter-2931">[https://twitter.com/Hotbit_news/status/1390885517038788609 @Hotbit_news Twitter] (Sep 1, 2021)</ref>


<ref name="hotbitnewstwitter-2932">[https://twitter.com/Hotbit_news/status/1391416094376677378 @Hotbit_news Twitter] (Aug 31, 2021)</ref>
<ref name="hotbitnewstwitter-2932">[https://twitter.com/Hotbit_news/status/1391416094376677378 @Hotbit_news Twitter] (Sep 1, 2021)</ref>


<ref name="hotbitnewstwitter-2933">[https://twitter.com/Hotbit_news/status/1391412873931284480 @Hotbit_news Twitter] (Aug 31, 2021)</ref>
<ref name="hotbitnewstwitter-2933">[https://twitter.com/Hotbit_news/status/1391412873931284480 @Hotbit_news Twitter] (Sep 1, 2021)</ref>


<ref name="hotbitnewstwitter-2934">[https://twitter.com/Hotbit_news/status/1391626351812046850 @Hotbit_news Twitter] (Aug 31, 2021)</ref>
<ref name="hotbitnewstwitter-2934">[https://twitter.com/Hotbit_news/status/1391626351812046850 @Hotbit_news Twitter] (Sep 1, 2021)</ref>


<ref name="hotbitnewstwitter-2935">[https://twitter.com/Hotbit_news/status/1392081011203137536 @Hotbit_news Twitter] (Aug 31, 2021)</ref>
<ref name="hotbitnewstwitter-2935">[https://twitter.com/Hotbit_news/status/1392081011203137536 @Hotbit_news Twitter] (Sep 1, 2021)</ref>


<ref name="hotbitnewstwitter-2936">[https://twitter.com/Hotbit_news/status/1392797299512799233 @Hotbit_news Twitter] (Aug 31, 2021)</ref>
<ref name="hotbitnewstwitter-2936">[https://twitter.com/Hotbit_news/status/1392797299512799233 @Hotbit_news Twitter] (Sep 1, 2021)</ref>


<ref name="hotbitnewstwitter-2937">[https://twitter.com/Hotbit_news/status/1393916317502111747 @Hotbit_news Twitter] (Aug 31, 2021)</ref>
<ref name="hotbitnewstwitter-2937">[https://twitter.com/Hotbit_news/status/1393916317502111747 @Hotbit_news Twitter] (Sep 1, 2021)</ref>


<ref name="hotbitzendesk-2938">[https://hotbit.zendesk.com/hc/en-us/articles/1500008874881 Hotbit's Announcement Regarding the Maintenance of Exchange Area and ETF Area on April 30th, 2021] (Aug 31, 2021)</ref>
<ref name="hotbitzendesk-2938">[https://hotbit.zendesk.com/hc/en-us/articles/1500008874881 Hotbit's Announcement Regarding the Maintenance of Exchange Area and ETF Area on April 30th, 2021] (Sep 1, 2021)</ref>


<ref name="latesthackingnews-2939">[https://latesthackingnews.com/2021/05/03/hotbit-crypto-exchange-confirmed-its-hacked-customers-personal-data-exposed/ Hotbit Crypto Exchange Confirmed It’s Hacked – Customers Data Exposed] (Aug 31, 2021)</ref>
<ref name="latesthackingnews-2939">[https://latesthackingnews.com/2021/05/03/hotbit-crypto-exchange-confirmed-its-hacked-customers-personal-data-exposed/ Hotbit Crypto Exchange Confirmed It’s Hacked – Customers Data Exposed] (Sep 1, 2021)</ref>


<ref name="investingdotcom-2940">[https://www.investing.com/news/cryptocurrency-news/crypto-exchange-hotbit-hacked-with-2m-users-affected-2492026 Crypto Exchange Hotbit Hacked With 2M Users Affected By CoinEdition] (Aug 31, 2021)</ref>
<ref name="investingdotcom-2940">[https://www.investing.com/news/cryptocurrency-news/crypto-exchange-hotbit-hacked-with-2m-users-affected-2492026 Crypto Exchange Hotbit Hacked With 2M Users Affected By CoinEdition] (Sep 1, 2021)</ref>


<ref name="globalcryptopress-2941">[https://www.globalcryptopress.com/2021/04/crypto-exchange-hotbit-hacked-funds-are.html Hotbit Exchange HACKED: Funds Are Safe, Network Vandalized - How Long Will It Be Offline? | Live Cryptocurrency News | Global Crypto Press | Live Bitcoin News] (Aug 31, 2021)</ref></references>
<ref name="globalcryptopress-2941">[https://www.globalcryptopress.com/2021/04/crypto-exchange-hotbit-hacked-funds-are.html Hotbit Exchange HACKED: Funds Are Safe, Network Vandalized - How Long Will It Be Offline? | Live Cryptocurrency News | Global Crypto Press | Live Bitcoin News] (Sep 1, 2021)</ref></references>

Latest revision as of 17:49, 2 May 2023

Notice: This page is a freshly imported case study from the original repository. The original content was in a different format, and may not have relevant information for all sections. Please help restructure the content by moving information from the 'About' and 'General Prevention' sections to other sections, and add any missing information or sources you can find. If you are new here, please read General Tutorial on Wikis or Anatomy of a Case Study for help getting started.

Notice: This page contains sources which are not attributed to any text. The unattributed sources follow the initial description. Please assist by visiting each source, reviewing the content, and placing that reference next to any text it can be used to support. Feel free to add any information that you come across which isn't present already. Sources which don't contain any relevant information can be removed. Broken links can be replaced with versions from the Internet Archive. See General Tutorial on Wikis, Anatomy of a Case Study, and/or Citing Your Sources Guide for additional information. Thanks for your help!

HotBit

The Hotbit exchange was attacked, putting $14m in hot wallet assets at risk. In this case, the situation was lucky because the risk control system kicked in to prevent the theft and funds were moved to cold storage before the attacker could steal them.

This exchange or platform is based in China, or the incident targeted people primarily in China.[1][2][3][4][5][6][7][8][9][10][11][12][13][14][15][16][17][18][19][20][21][22][23][24][25][26][27][28][29][30][31][32][33]

About HotBit

"According to CoinMarketCap, Hotbit had listed 1559 trading pairs in total and was ranked No. 1 among all exchanges regarding the number of types of cryptocurrency projects listed. Hotbit has accumulated 1,000,000+ registered users from more than 170 countries and areas all over the world, among which 90% of registered users are non-Chinese users. Hotbit started to distribute current deposit interests for its users, which means that Hotbit was the first cryptocurrency exchange in the world to offer daily current deposit interests to its users with no token lockup or freeze required."

"Founded in January 2018 and registered in both Hong Kong and Estonia, with its core team members from China, USA and Taiwan, Hotbit is currently based in Shanghai and Taipei." "Constantly introducing and listing high quality digital currencies from all over the world, providing users with various types of transactional services in most digital currencies. We provide 24/7 online customer support to ensure quick and readily available support when needed. With a built in Artificial Intelligence market maker that meets the high standards set by Wall Street, our model analysis based on over 250 market parameters, providing 24/7 Customer Support and high liquidity."

"Security issues have always been the pain of blockchain industry, which has always been one of the major concerns of Hotbit as well." "We conduct the multinodular structure which meets the requirements set by the IT surveillance logical structure from the Financial Industry, ensuring steady operations of our systems. The front and back-end designs, combined with our multi-node and multimodular distributed deployment, scales out our capacity and thus providing better service for our customers."

"Hotbit has already accumulated more than 700,000 registered users from more than 210 countries and areas all over the world. By focusing on the world's emerging markets such as the markets of Russia, Japan, South Korea, Turkey and Southeast Asian countries, Hotbit has gathered its users from Twitter, Telegram, WeChat, VK and Facebook. Join in Hotbit community, communicate and share your thoughts and experience of cryptocurrency with our experienced users from all over the world and gain an insight into the new trend of cryptocurrency industry."

Hotbit had set up a bug bounty with firebounty/hackenproof as of November 26th, 2020.

"The official announcement of the cryptocurrency exchange Hotbit stated that Hotbit had suffered a serious network attack starting at 20:00 UTC on April 29, 2021, causing some basic services to be paralyzed and the exchange was no longer able to log in. At the same time, the attacker also tried to hack into Hotbit's wallet, which Hotbit claimed was identified and blocked by the risk control system."

Addressing users on the exchange’s Telegram group, Alex Zhou, chief security officer of Hotbit, revealed that user funds were unaffected by the attack, stating: “The attacker tried to break into the wallet server to steal funds but the action was identified and blocked successfully by Hotbit risk control system. All users’ funds are safe.” "Hotbit just suffered a serious cyber attack starting around 08:00 PM UTC, April 29,2021, which led to the paralyzation of a number of some basic services. Meanwhile, the attackers also tried to hack into Hotbit’s wallets (However, the attempt was identified and stopped by our risk control system)."

"The Hotbit team decided to immediately shut down all services for inspection and recovery. The entire recovery period is expected to be no less than 7 days. Hotbit stated that all assets are safe."

The exchange says that it is “about to exceed 2 million registered users and has a huge service system architecture of more than 200 servers online, in order to ensure security, Hotbit team will completely rebuild all servers.”

"While user funds remain safe, Hotbit warned its customers its database had been compromised during the attack, and that their phone number, email address and asset data might have been leaked." "The attacker has access to the database, so your email address, phone number, account balances, etc may be leaked. They claim that the passwords and 2FA secrets are encrypted, therefore they are safe (disclaimer: they might not). If your Hotbit password is the same as other accounts, they suggest making your passwords unique (you should be doing this already)" "[T]he Hotbit team has advised customers to disregard any communication from entities claiming to be representatives of the exchange."

"The exchange explained that the attacker deleted the user database after failing to obtain assets. It also warned that “The attacker has already gained access to the database,” so users’ “registered phone number, email address and asset data” may have been leaked." "While stating that the database is backed up, the company says, “we are still uncertain whether the attacker has polluted data or not before the attack,” justifying the need for “a comprehensive inspection.”"

"In severe cases, hackers will leave themselves a backdoor into the database several days before the main hacking event. When a company restores what they believe is a clean copy of their database from a previous day, they're actually opening the door to them once again."

"According to Hotbit, the attacker maliciously deleted the user database after failing to obtain assets. Although the database is routinely backed up , we are still uncertain whether the attacker has polluted data or not before the attack. Therefore, we also need to conduct a comprehensive inspection of the overall data."

"Hotbit is brining in outside cyber security firms for the process, which they say will take a minimum of 7 days, and possibly up to 3 weeks."

"Following the hack announcement, crypto transfers were spotted from Hotbit’s addresses. The exchange claims that the transfers resulted from them “creating new cold wallet.”" "In its Telegram channel the exchange explained it was now in the process of moving all funds from its hot wallet to a newly created cold wallet. Data from Etherscan has confirmed this, with tokens getting transferred from one of Hotbit’s known wallets to a new address, that holds around $14 million in multiple tokens."

“In the future, Hotbit team will continue to strengthen security departments. Meanwhile, by cooperating with world’s famous third-party Internet security teams, Hotbit will also conduct thorough inspection and investigation on the attack issue and thoroughly upgrade security level of the whole system.”

“All daily routine income distributions (such as investment products, current products and FIL cloud computing power ) will be paid out after the maintenance is completed .”

The last update from May 9th reports that "02:30 AM UTC More than 95% of the environment has been built, and the final performance optimization and security testing are carried out continuously to repair the inconsistency problems found in data verification. We will announce the relatively accurate external recovery steps of the platform in 12 hours"

Withdrawals appeared to start reopening for some assets around May 16th.

This exchange or platform is based in China, or the incident targeted people primarily in China.

The background of the exchange platform, service, or individuals involved, as it would have been seen or understood at the time of the events.

Include:

  • Known history of when and how the service was started.
  • What problems does the company or service claim to solve?
  • What marketing materials were used by the firm or business?
  • Audits performed, and excerpts that may have been included.
  • Business registration documents shown (fake or legitimate).
  • How were people recruited to participate?
  • Public warnings and announcements prior to the event.

Don't Include:

  • Any wording which directly states or implies that the business is/was illegitimate, or that a vulnerability existed.
  • Anything that wasn't reasonably knowable at the time of the event.

There could be more than one section here. If the same platform is involved with multiple incidents, then it can be linked to a main article page.

The Reality

This sections is included if a case involved deception or information that was unknown at the time. Examples include:

  • When the service was actually started (if different than the "official story").
  • Who actually ran a service and their own personal history.
  • How the service was structured behind the scenes. (For example, there was no "trading bot".)
  • Details of what audits reported and how vulnerabilities were missed during auditing.

What Happened

The specific events of the loss and how it came about. What actually happened to cause the loss and some of the events leading up to it.

Key Event Timeline - HotBit Downtime and Privacy Breach
Date Event Description
April 29th, 2021 Main Event Expand this into a brief description of what happened and the impact. If multiple lines are necessary, add them here.

Technical Details

This section includes specific detailed technical analysis of any security breaches which happened. What specific software vulnerabilities contributed to the problem and how were they exploited?

Total Amount Lost

The total amount at risk has been estimated at $14,000,000 USD. No funds were lost.

How much was lost and how was it calculated? If there are conflicting reports, which are accurate and where does the discrepancy lie?

Immediate Reactions

How did the various parties involved (firm, platform, management, and/or affected individual(s)) deal with the events? Were services shut down? Were announcements made? Were groups formed?

Ultimate Outcome

What was the end result? Was any investigation done? Were any individuals prosecuted? Was there a lawsuit? Was any tracing done?

Total Amount Recovered

There do not appear to have been any funds recovered in this case.

What funds were recovered? What funds were reimbursed for those affected users?

Ongoing Developments

What parts of this case are still remaining to be concluded?

General Prevention Policies

No customer assets were lost in this case. This was a lucky case in which the automated systems performed as expected. Our framework does not yet include protections for customer information, however it seems that a better system would avoid exchanges needing to handle that personal information.

Individual Prevention Policies

No specific policies for individual prevention have yet been identified in this case.

For the full list of how to protect your funds as an individual, check our Prevention Policies for Individuals guide.

Platform Prevention Policies

Policies for platforms to take to prevent this situation have not yet been selected in this case.

For the full list of how to protect your funds as a financial service, check our Prevention Policies for Platforms guide.

Regulatory Prevention Policies

No specific regulatory policies have yet been identified in this case.

For the full list of regulatory policies that can prevent loss, check our Prevention Policies for Regulators guide.

References

  1. Hotbit Shuts Down After Unsuccessful Hack Attempt - The Chain Bulletin (Aug 3, 2021)
  2. SlowMist Hacked - SlowMist Zone (Jun 26, 2021)
  3. Hotbit-The World’s Leading Cryptocurrency Trading Platform, BTC Trading, ETH Trading, XRP Trading | Hotbit (Aug 31, 2021)
  4. About Hotbit (Aug 31, 2021)
  5. FireBounty Hotbit Vulnerability Disclosure Program (Sep 1, 2021)
  6. Bug Bounty Program For Hotbit | HackenProof (Sep 1, 2021)
  7. Hotbit's Announcement on Emergency Maintenance (Sep 1, 2021)
  8. Hotbit just suffered a serious cyber attack : CryptoCurrency (Sep 1, 2021)
  9. Cryptocurrency Exchange Hotbit Hacked: Systems Paralyzed, 2 Million Users Affected – Exchanges Bitcoin News (Sep 1, 2021)
  10. HotBit hacked... about 2 million users affected...Cannot be stressed enough but do not store your crypto in an exchange. : Bitcoin (Sep 1, 2021)
  11. Hotbit crypto exchange shuts down for maintenance after attempted hack (Sep 1, 2021)
  12. @Hotbit_news Twitter (Sep 1, 2021)
  13. @Hotbit_news Twitter (Sep 1, 2021)
  14. @Hotbit_news Twitter (Sep 1, 2021)
  15. @Hotbit_news Twitter (Sep 1, 2021)
  16. @Hotbit_news Twitter (Sep 1, 2021)
  17. @Hotbit_news Twitter (Sep 1, 2021)
  18. @Hotbit_news Twitter (Sep 1, 2021)
  19. @Hotbit_news Twitter (Sep 1, 2021)
  20. @Hotbit_news Twitter (Sep 1, 2021)
  21. @Hotbit_news Twitter (Sep 1, 2021)
  22. @Hotbit_news Twitter (Sep 1, 2021)
  23. @Hotbit_news Twitter (Sep 1, 2021)
  24. @Hotbit_news Twitter (Sep 1, 2021)
  25. @Hotbit_news Twitter (Sep 1, 2021)
  26. @Hotbit_news Twitter (Sep 1, 2021)
  27. @Hotbit_news Twitter (Sep 1, 2021)
  28. @Hotbit_news Twitter (Sep 1, 2021)
  29. @Hotbit_news Twitter (Sep 1, 2021)
  30. Hotbit's Announcement Regarding the Maintenance of Exchange Area and ETF Area on April 30th, 2021 (Sep 1, 2021)
  31. Hotbit Crypto Exchange Confirmed It’s Hacked – Customers Data Exposed (Sep 1, 2021)
  32. Crypto Exchange Hotbit Hacked With 2M Users Affected By CoinEdition (Sep 1, 2021)
  33. Hotbit Exchange HACKED: Funds Are Safe, Network Vandalized - How Long Will It Be Offline? | Live Cryptocurrency News | Global Crypto Press | Live Bitcoin News (Sep 1, 2021)
Retrieved from "https://quadrigainitiative.com/cryptocurrencyhackscamfraudwiki/index.php?title=HotBit_Downtime_and_Privacy_Breach&oldid=4014"