Singaporean cryptocurrency exchange, Bitrue, has become the target of a dreadful hack that targeted the funds in the platform’s hot wallet. Reportedly, the hack has caused the exchange to lose 9.3 million XRP and 2.5 million cardano (ADA). Bitrue happens to be among the leading digital asset exchanges in the country and is touted as the “most secure and advanced online platform for buying, selling, transferring, and storing digital currency”.
The platform broke the news of the breach on Twitter, stating that it happened at approximately 1:00 a.m. local time Thursday. According to its website, which is currently down while they work on reviewing and updating their security systems following the breach.
According to the exchange, a single hacker managed to exploit a vulnerability in their Risk Control team’s second review process and gained access to the funds of the platform. Purportedly, personal funds of about 90 Bitrue users were compromised in this exploitation.
The exchange also explained that the hacker cunningly used the knowledge they had gained from this breach to further access the Bitrue hot wallets. The perpetrators managed to move 9.3 million XRP and 2.5 million ADA from Bitrue to different exchanges.
As per the CoinMarketCap data, at the time of the breach the stolen funds would have been worth over $4.5 million in XRP (valued at $0.488) and $237,500 in ADA (valued at $0.095). Per the exchange, it didn’t take long for the Bitrue team to figure out the discrepancies and thereafter all activity on the exchange was suspended for a temporary period of time.
The platform also reached out to the other exchanges in the region, including Huobi, Bittrex and ChangeNow, explaining to them the rather inconvenient situation. Bitrue extended its gratitude to the exchanges, thanking them for their prompt cooperation as they helped in freezing the affected funds and accounts. Another cryptocurrency platform, EXMO has also lent a helping hand to the compromised exchange. According to the Bitrue, EXMO was also able to freeze some of the stolen funds.
Bitrue is giving its users full disclosure regarding the details of the hack and about its efforts in getting its site up and running and restoring the lost funds. The exchange revealed that at the moment their team is conducting an emergency inspection and that they “hope to be live again as soon as possible with log in & trading functionality”.
However, withdrawals are going to be offline for a longer period of time as Bitrue will continue investigating the situation thoroughly, leaving no stone unturned. The platform has already gotten the relevant authorities involved in their effort to track down the hackers and retrieving the stolen funds.
The exchange initially claimed that the platform was down due to some unplanned maintenance. Bitrue did apologize to its users for miscommunication regarding the hack and explained that it was because of the uncertainty of the situation that they misled the users. Moreover, Bitrue also tweeted a link, through which the flow of the stolen fund can be tracked.
The flow of the stolen funds can be tracked here – https://t.co/oH5GWmJjdG . If you have any information about this breach, please contact us at email@example.com or DM us on twitter, @BitrueOfficial
— Bitrue (@BitrueOfficial) June 27, 2019
Furthermore, Bitrue reassured its users twice that 100 percent of their stolen funds will be returned to them. The tweet read:
Once again, I want to assure everybody that their personal funds are insured, and anybody affected by this breach will have their funds replaced by us as soon as possible.
The crypto community on Twitter is lauding Bitrue’s efforts for handling such a critical situation with so much composure and professionalism, that too without keeping their users in the dark. A user named Nik Bougalis tweeted:
While it’s clear that you have to make some improvements in your internal processes, your team deserves kudos for your handling of a difficult situation: you prioritized users, responded in a timely fashion and used clear, concise and direct language.
Thanks for the update! Your team are handling an exceptionally difficult circumstance with integrity and professionalism. I have no doubt @BitrueOfficial will be stronger and more prepared moving forward @Curis_Wang
— Jstified (@jstb4udie) June 27, 2019
Thank you @BitrueOfficial for being a class Act. ?? A great way to regain trust and build credibility.
— Kasum Capital (@Kasum_Capital) June 27, 2019
Bitrue also tweeted that if anyone happens to have any information regarding the breach, they can directly contact the exchange via firstname.lastname@example.org and through direct message on their Twitter account.