XT.com Exchange Hot Wallet Breach

From Quadriga Initiative Cryptocurrency Hacks, Scams, and Frauds Repository
Revision as of 18:45, 17 January 2025 by Azoundria

Notice: This page contains sources which are not attributed to any text. The unattributed sources follow the initial description.

XT.com has operated a Seychelles-based exchange since 2018. On November 27th, 2024, their hot wallet was breached, and $1.7m worth of various assets were taken. The exchange immediately suspended withdrawals and provided updates. They also appear to have provided a highly positive account for CoinTelegraph, who published it without question (and with a disclaimer/attribution at the bottom). They have assured users of the platform that their assets are unaffected and reportedly re-enabled withdrawals.[1][2][3][4][5][6][7][8][9][10][11][12][13][14][15][16][17][18]

About XT.com

"XT.COM Exchange was established in 2018 and registered in Seychelles. It has operation centers in Seychelles, Europe and other countries and regions, and its business covers the world. The platform owns the global top-level domain name www.xt.com, currently has more than 7.8 million registered users, more than 1 million monthly active users, and more than 40 million user traffic in the ecosystem."

"XT.COM is a comprehensive trading platform that supports 800+ high-quality currencies and 1000+ trading pairs. It has a rich variety of transactions such as spot trading, futures trading, margin trading, OTC trading and buying cryptos with credit cards. XT provides users with the safest, most efficient and professional digital asset investment services."

"2024 was a transformative year for XT.COM, a year filled with groundbreaking events, strategic collaborations, and innovative product launches that elevated its position as a leader in the cryptocurrency industry. By driving community growth, enhancing user experience, and championing blockchain innovation, XT.COM not only solidified its reputation as one of the most influential crypto exchanges, but also opened new doors for its global user base."

The Reality

This section is included if a case involved deception or information that was unknown at the time. Examples include:

  • When the service was actually started (if different than the "official story").
  • Who actually ran a service and their own personal history.
  • How the service was structured behind the scenes. (For example, there was no "trading bot".)
  • Details of what audits reported and how vulnerabilities were missed during auditing.

What Happened

"The cryptocurrency exchange XT has reportedly fallen victim to a hacking incident, resulting in the loss of approximately $1.7 million worth of crypto assets."

Key Event Timeline - XT.com Exchange Hot Wallet Breach

| Date | Event | Description |
|---|---|---|
| November 27th, 2024 6:48:00 PM MST | Unwavering Support Thanks | The XT.com exchange wants "to take a moment to thank [their] incredible community for [their] unwavering support in the crypto journey. Together, [XT.com has] navigated the ups and downs of the market, and with [the community's] trust, [they] continue to innovate and push boundaries." |
| November 27th, 2024 11:48:59 PM MST | First Malicious Withdrawal | The first withdrawal appears to remove 7,849,266.9462263 wQuil from the hot wallet. |
| November 28th, 2024 12:03:59 AM MST | Last Malicious Withdrawal | The final withdrawal appears to remove the remaining ethereum from the hot wallet. |
| November 28th, 2024 2:53:00 AM MST | XT Exchange Statement | XT Exchange releases their "XT Statement on Abnormal Transfer of Platform Wallet Assets" tweet, which states that users will not be affected by the incident. However, withdrawals are disabled and many users report being unable to withdraw their funds. |
| November 28th, 2024 3:04:43 AM MST | Website Final Version | The official announcement on the XT Exchange website is updated to the final version. |
| November 28th, 2024 6:14:00 AM MST | Live Broadcasting | The XT Exchange team is live on a broadcast for users. |
| November 28th, 2024 7:24:00 AM MST | Withdrawals Back Online | The XT Exchange reports that they've identified the issue and withdrawals are starting to come back online, with the expectation that all withdrawals will be back online within 24 hours. |
| November 28th, 2024 9:48:00 AM MST | CoinTelegraph Thanks | XT Exchange thanks CoinTelegraph for a positive press release about the "robust response to abnormal wallet asset transfers". |

Technical Details

This section includes specific detailed technical analysis of any security breaches which happened. What specific software vulnerabilities contributed to the problem and how were they exploited?

Total Amount Lost

The total amount lost has been estimated at $1,700,000 USD.

How much was lost and how was it calculated? If there are conflicting reports, which are accurate and where does the discrepancy lie?

Immediate Reactions

"Today, XT.COM identified an abnormal transfer of assets from the platform wallet with the on-chain address 0xdb3ded7731c781224ec292e2163d9554c094fd7c. Our technical team is currently conducting an urgent investigation. The amount involved in this incident is approximately 1 million USDT across 12 different currencies. These assets are owned by the platform and will not in any way harm the interests of our customers or users.

Since inception, XT.COM has always upheld a user-centric approach, maintaining strict and standardized platform fund management while prioritizing the security of user assets. We have established asset reserve funds 1.5 times greater than those of users on the exchange. Additionally, we plan to launch the Merkle Tree Asset Proof System in mid-December to further enhance transparency and security.

Over the past 6 years, we express our gratitude for the support and companionship of our valued users. Every challenge along our growth journey has only made us stronger. XT.COM remains committed to its founding principles and aims to be a trusted and conscientious exchange within the industry."

"We are aware of concerns regarding recent abnormal asset transfers. Rest assured, users' assets remain safe and unaffected. The affected assets belong to the exchange, and we’re taking immediate action, including launching a Merkle Tree Proof of Reserves by mid-December to enhance transparency."

"The first step XT.COM took in response to the abnormal activity was the immediate isolation of the affected systems. This critical move helped to prevent further unauthorized access or data breaches, thereby containing the issue quickly before it could escalate.

By isolating these systems, XT.COM ensured the protection of its broader platform infrastructure and user accounts from potential threats."

"To mitigate additional risks, the platform made the decision to temporarily suspend all coin withdrawals. This precautionary action minimized the potential for further losses, securing the integrity of assets while allowing the team to conduct a detailed investigation into the incident.

Users were promptly informed about the withdrawal suspension, with XT.COM’s team providing consistent updates to maintain transparency."

"XT.COM’s seasoned security team immediately launched a thorough investigation to identify the root cause of the abnormal transfer. This investigation was critical to understanding how and why the incident occurred in order to develop a strategic response plan and ensure that such occurrences are avoided in the future."

"From the moment the incident was detected, XT.COM stayed committed to open communication. The platform quickly informed its users and the wider community about the nature of the abnormal transfer and outlined the key steps being taken to address the situation.

Through its announcements, XT.COM prioritized keeping stakeholders informed, ensuring that users felt reassured and aware of the ongoing effort to resolve the matter."

"This publication is provided by the client. Cointelegraph does not endorse and is not responsible for or liable for any content, accuracy, quality, advertising, products, or other materials on this page. Readers should do their own research before taking any actions related to the company. Cointelegraph is not responsible, directly or indirectly, for any damage or loss caused or alleged to be caused by or in connection with the use of or reliance on any content, goods, or services mentioned in the press release."

Ultimate Outcome

"The hacker has converted the funds into 461.58 ETH and deposited them into the address 0xB43f…8F83."

"We sincerely apologize for the temporary suspension of withdrawals on Nov 28, 2024. Our team identified and fixed an issue to ensure user asset security. Withdrawal services will gradually resume starting 00:00 (UTC) on Nov 29, 2024, with full restoration within 24 hours. User assets remain safe throughout the process. Thank you for your understanding and continued support. #XT"

Total Amount Recovered

There do not appear to have been any funds recovered in this case.

What funds were recovered? What funds were reimbursed for those affected users?

Ongoing Developments

What parts of this case are still remaining to be concluded?

Individual Prevention Policies

No specific policies for individual prevention have yet been identified in this case.

For the full list of how to protect your funds as an individual, check our Prevention Policies for Individuals guide.

Platform Prevention Policies

Policies for platforms to take to prevent this situation have not yet been selected in this case.

For the full list of how to protect your funds as a financial service, check our Prevention Policies for Platforms guide.

Regulatory Prevention Policies

No specific regulatory policies have yet been identified in this case.

For the full list of regulatory policies that can prevent loss, check our Prevention Policies for Regulators guide.

References