Official Statement Regarding The Hacking of Bitrue On June 27 2019
“First of all, please let us assure you that this situation is under control, 100% of lost funds will be returned to users, and we are reviewing our security measures and policies to ensure this does not happen again.
At approximately 1am June 27 (GMT+8), a hacker exploited a vulnerability in our Risk Control team’s 2nd review process to access the personal funds of about 90 Bitrue users. The hacker used what they learned from this breach to then access the Bitrue hot wallet and move 9.3 million XRP and 2.5 million ADA to different exchanges.
The attack was soon detected, and all activity was temporarily suspended on Bitrue. We also alerted the receiving exchanges about the situation, and wish to extend our thanks to Huobi, Bittrex and Changenow for their help in freezing the affected funds and accounts.
Please note that at the time, due to uncertainty about the current situation, we stated that the exchange was going down for some unplanned maintenance. We apologize for this miscommunication with our users.
Right now we are conducting an emergency inspection of the exchange and hope to be live again as soon as possible with log in & trading functionality. Withdrawals will be offline for a slightly longer period while we continue investigating the situation.
We have also contacted the relevant authorities in Singapore to assist us in tracking down the culprit and retrieving the stolen funds. We will update everyone when we have more news to share.
The flow of the stolen funds can be tracked here – https://bithomp.com/explorer/rwSvajJ4ZNhjgzcfaJWkEuLh4VURTFHuka. If you have any information about this breach, please contact us at firstname.lastname@example.org or Twitter.”
Breakdown of Stolen Funds
The hacker(s) stole approximately $4.5 million USD worth of cryptocurrency, the majority of which was 9.3 million XRP and 2.5 million ADA. 50% of this sum ($2.25 million USD) was moved to private wallets, while the remaining 50% was moved to 5 exchanges – Huobi, Bittrex, ChangeNOW, Exmo.me, and Coinswitch.co. Huobi, Bittrex and ChangeNOW froze the funds on their exchanges, totaling approximately $1.35 million. This frozen amount should be recoverable by Bitrue in the future after working with the authorities and exchanges.
After recovering the frozen assets, the net loss will be $3.15 million USD. This total includes $1.89 million USD lost from individual user accounts, and $1.26 million USD lost from Bitrue’s own hot wallet. The funds lost by user accounts were insured and will be replaced by Bitrue as soon as the exchange resumes service.
Resumption of Service
Bitrue will launch the trading of their platform token, Bitrue Token (BTR), on Thursday 4 July 2019 (GMT+8). Bitrue have analyzed their security systems and risk control processes and have made several improvements. Withdrawals and deposits will return before the end of 3 July 2019.
Since the event, Bitrue have offered an increase to the interest rate of users who both hold funds in their Power Piggy program and hold BTR in their accounts. More details can be found here.
Bitrue will also be undergoing planned maintenance on July 4 15:00 (GMT+8) to prepare for the launch of BTR trading. After the maintenance, users will be able to reduce their trading fees if they pay said fee using BTR.