Cryptocurrency exchange Bitrue has suffered a hot wallet exploit, which has allowed attackers to withdraw nearly $23 million worth of various crypto assets.
Announcing the news on April 14, Bitrue said that he had to temporarily suspend all withdrawals due to a “brief exploit” of his hot wallet. The company expects to reopen withdrawals on April 18, 2023, after conducting additional security checks.
3/4: To conduct additional security checks, Bitrue will temporarily suspend all withdrawals and will reopen withdrawals on 18 April 2023. We seek your understanding and patience at this time. All identified users who are affected by this incident will be fully compensated.
—Bitrue (@BitrueOfficial) April 14, 2023
Bitrue highlighted that it was able to address the matter quickly, allowing the platform to prevent further leakage of funds. “We take this matter very seriously and are currently investigating the situation.” Bitrue stated, adding that the affected hot wallet only represented less than 5% of the exchange’s total funds. The company wrote:
“The rest of our wallets remain secure and have not been compromised. We are conducting a thorough security review and will keep you informed as we progress.”
Bitrue executives promised to fully compensate all identified users affected by the incident. According to the announcement, the affected tokens in the compromised hot wallet included Ether (ETH), Shiba Inu (shib), Quant (QNT), Gala (GALA), Holo (HOT), and Polygon (MATIC).
As previously reported, hackers have increasingly turned to decentralized finance (DeFi) protocol hacks in recent years, moving slightly away from traditional centralized exchanges. In the first three months of 2022, attacks on cryptocurrency exchanges accounted for only 3% of all stolen cryptocurrency, while the other 97% came from DeFi protocols, according to Chainalysis data.
Founded in Singapore in 2018, Bitrue is a popular centralized cryptocurrency exchange, which move about $2 billion worth of cryptocurrency on average per day, according to data from CoinGecko. The company has been hacked in the past, losing nearly $5 million worth of Cardano (ADA) due to a hot wallet hack in 2019.
Clarification: The information and/or opinions expressed in this article do not necessarily represent the views or editorial line of Cointelegraph. The information presented here should not be taken as financial advice or investment recommendation. All investment and commercial movement involve risks and it is the responsibility of each person to do their due research before making an investment decision.
Investments in crypto assets are not regulated. They may not be suitable for retail investors and the entire amount invested may be lost. The services or products offered are not directed or accessible to investors in Spain.