– Crypto exchange Bitrue was hit by a hot wallet flaw, allowing attackers to withdraw about $23 million.
– Bitrue claimed that the affected hot wallet accounted for less than 5% of the total cash on the exchange.
Cryptocurrency exchange Bitrue was hit by a hot wallet flaw, allowing attackers to withdraw about $23 million in crypto assets.
Bitrue shared an announcement on 14 April, stating that the exchange temporarily suspended all withdrawals owing to a “brief exploit” of its hot wallet. The exchange was attacked previously in 2019, losing over $5 million in Cardano owing to another hot wallet hack.
1/4: We have identified a brief exploit in one of our hot wallets on 07:18 (UTC), 14 April 2023. We were able to address this matter quickly and prevented the further exploit of funds. We take this matter seriously and are currently investigating the situation. pic.twitter.com/QioPHSB2DM
— Bitrue (@BitrueOfficial) April 14, 2023
Following additional security measures, the company aims to reopen withdrawals on 18 April.
Bitrue added that it was able to address the issue immediately, allowing the platform to avoid additional draining of funds. The exchange stressed that the affected hot wallet accounted for less than 5% of the total cash on the exchange.
The exchange officials also announced reimbursement for all identifiable users who were affected by the incident.
The currencies impacted on the attacked hot wallet included Ether, Shiba Inu, Quant, Gala, Holo, and Polygon, according to the statement.
Bitrue, which was founded in Singapore in 2018, is a significant centralized cryptocurrency exchange that trades about $2 billion in crypto each day on average.
Hackers move from centralized to DeFi exchanges
Over the last few years, hackers have shifted away from traditional centralized exchanges towards decentralized finance (DeFi) exchanges.
According to Chainalysis data, crypto exchange hacks accounted for just 3% of all crypto stolen in Q1 2022. At the same time, DeFi protocols were responsible for 97% of the stolen assets.
Almost 97% of all cryptocurrency stolen in Q1 2022 was taken from DeFi protocols, up from 72% in 2021 and just 30% in 2020. Centralized exchanges, formerly a top destination for stolen funds, fell out of favor, receiving less than 15% of the total.
This is likely due to exchanges’ embrace of AML and KYC processes, which threaten the anonymity of cyber criminals.