$4.5m bitrue XRP hack raising a lot of questions

Before I start this post let me be clear that I am not accusing Bitrue of anything untoward. Hacks happen and XRP in particular is constantly under attack, Take slots rtp for example, any time we post some good news about XRP, within minutes our website gets bombarded with thousands of hack attempts because some evil people will do whatever it takes to keep XRP from gaining traction. But the fact remains of the $4.5m bitrue XRP hack raising a lot of questions.

My warning today though is to very much look any gift-horse squarely in the mouth, do your due diligence and extensive research and wait for any project or exchange to really prove themselves. #DYOR

The XRP Community is the flagship community for all of crypto but this also makes them a massive target. Scam exchanges, pump and dump scams, fake news, FUD and even other cryptocurrency projects piggy backing on the good XRP name. These are all the dangers lurking out there because the XRP Community has so much reach and well worked scams can accidentally spread like viruses. We have seen it many times with XRP based fake or weak exchanges trying to lure XRP to them, forks of XRP pumping and dumping and of course the daily FUD and fake news attacks. A perfect example of warnings we have given about exchanges targeting the #XRPCommunity can be found at the end of this article. If you haven’t read it yet please do as it concerns the DCEX exchange which claimed to be the first exchange running on XRP despite nobody at Ripple having even heard of them.

And please also read about the inside job hack which occurred at Bithumb, another XRP based exchange

Do your research. Stay away from something until it has a proven track record.

Bitrue exchange launched only in July 2018 so hasn’t even been around a year yet and targeted the XRP Community from day 1 being an XRP based exchange.

More recently they announced their own Bitrue Token BTR and incentivized XRP holders to move their funds over the their exchange in order to profit from zero trading fees, zero withdrawal fees and bounties.

BTR trading was all set to go live in 2 days time. 2 days before this massive and seemingly complex hack.

One noted crypto Twitter user BearableKichiroRiddlerBritto called scam and exit scam on the 30th of May and 10th of June respectively and whilst we cannot agree with his sentiments we do need to point this out considering the nature and the timing of this massive hack:

And:

$4.5m bitrue XRP hack raising a lot of questions

For the moment this is all we want to say about the accusations for nothing is proven and in all likelihood this is a genuine hack and Bitrue will keep their promise to make sure all customer funds are safe.

Bitrue are working closely with other exchanges to minimize the impact of the hack.

Official Statement Regarding The Hacking of Bitrue On June 27 2019

Dear Bitrue Users,

First of all, please let us assure you that this situation is under control, 100% of lost funds will be returned to users, and we are reviewing our security measures and policies to ensure this does not happen again.

At approximately 1am June 27 (GMT+8), a hacker exploited a vulnerability in our Risk Control team’s 2nd review process to access the personal funds of about 90 Bitrue users.

The hacker used what they learned from this breach to then access the Bitrue hot wallet and move 9.3 million XRP and 2.5 million ADA to different exchanges.

The attack was soon detected, and activity was temporarily suspended on Bitrue. We alerted the receiving exchanges about the situation, and wish to extend our thanks to @HuobiGlobal, @BittrexExchange and @ChangeNOW_io for their help in freezing the affected funds and accounts.

Please note that at the time, due to uncertainty about the current situation, we stated that the exchange was going down for some unplanned maintenance. We apologize for this miscommunication with our users.

Once again, I want to assure everybody that their personal funds are insured, and anybody affected by this breach will have their funds replaced by us as soon as possible.

Right now we are conducting an emergency inspection of the exchange and hope to be live again as soon as possible with log in & trading functionality. Withdrawals will be offline for a slightly longer period while we continue investigating the situation.

We have also contacted the relevant authorities in Singapore to assist us in tracking down the culprit and retrieving the stolen funds. We will update everyone when we have more news to share.

The flow of the stolen funds can be tracked here – https://bithomp.com/explorer/BitrueHack. If you have any information about this breach, please contact us at [email protected] or DM us on twitter, @BitrueOfficial

UPDATE: @Exmo_Com have let us know that they were also able to freeze some of the funds that the hackers took, and we will work together to recover them. Thank you so much for your help EXMO!

~$4.5mil USD was taken, of which ~$1.4m is frozen and recoverable (but not retrieved yet). About $1.9mil was taken from user accounts. It’s all insured though and users will receive it all back.

###

We also cannot re-iterate this point enough, DO NOT keep your hard earned crypto sitting around on exchanges, no matter how good or bad you might think they are. Spend a couple of dollars and get yourself the security you investments deserve!

Relevant news