Crypto exchange Bitrue came under a brief exploit that targeted one of its hot wallets on 07:18 [UTC], 14 April 2023.
During the onslaught, the unknown attackers made off with assets valued at around 23 million USD in the following currencies: ETH, QNT, GALA, SHIB, HOT, and MATIC.
According to leading blockchain expert PeckShield, Bitrue drainer sold off the abovementioned tokens [ 173K QNT, 22.55 billion SHIB, 46.4 million, and 310K MATIC] for roughly 8540 ETH.
Also, the exchange’s native token QNT fell by over 11% in just three hours.
However, according to Bitrue, the impacted hot wallet only has less than 5% of the total funds. The remaining wallets in its collection are secure and unharmed.
“We were able to address this matter quickly and prevented the further exploitation of funds. We take this matter seriously and are currently investigating the situation.” the team stated via Twitter.
Additionally, Bitrue warned users that all withdrawals would be temporarily suspended and would resume on April 18, 2023, in order to conduct additional security checks.
..We are conducting a thorough security review and will share the necessary updates in due course. We seek your understanding and patience at this time. All identified users who are affected by this incident will be compensated in full.
A few days back, the South Korean cryptocurrency exchange GDAC suffered a similar fate. On April 9, unidentified hackers attacked the platform’s hot wallet and stole about $13 million across several cryptocurrencies.
Bitrue Hack Is a Stark Reminder Of Security Risks In Hot Wallets
Following the incident, GDAC CEO Seunghwan Han said that the exchange’s wallet system and related servers were suspended and blocked.
The latest incident serves as a sharp reminder of the security dangers associated with hot wallets, which, unlike cold wallets, are connected to the internet.
As a result, if a hot wallet for an exchange is compromised, both the exchange and its users could suffer large financial losses.
In related news, Yearn Finance suffered exploitation recently due to a vulnerability in its legacy smart contract.
As reported by TronWeekly, DeFi protocols Yearn Finance was plundered to the tune of over $11 million owing to a misconfigured yUSDT, according to Peckshield.