We’re Back Online & Stronger Than Ever!
After working around the clock we are pleased to say that deposits and withdrawals are online in Bitrue in time for BTR trading to go live!
On June 27 2019 the Bitrue exchange suffered a security breach. The full story was laid out in our official announcement which you can see below:
Official Statement Regarding The Hacking of Bitrue On June 27 2019
Dear Bitrue Users,
First of all, please let us assure you that this situation is under control, 100% of lost funds will be returned to users, and we are reviewing our security measures and policies to ensure this does not happen again.
At approximately 1am June 27 (GMT+8), a hacker exploited a vulnerability in our Risk Control team’s 2nd review process to access the personal funds of about 90 Bitrue users. The hacker used what they learned from this breach to then access the Bitrue hot wallet and move 9.3 million XRP and 2.5 million ADA to different exchanges.
The attack was soon detected, and all activity was temporarily suspended on Bitrue. We also alerted the receiving exchanges about the situation, and wish to extend our thanks to Huobi, Bittrex, Changenow, and Exmo.me for their help in freezing the affected funds and accounts.
Please note that at the time, due to uncertainty about the current situation, we stated that the exchange was going down for some unplanned maintenance. We apologize for this miscommunication with our users.
Once again, we want to assure everybody that their personal funds are insured, and anybody affected by this breach will have their funds replaced by us as soon as possible.
Right now we are conducting an emergency inspection of the exchange and hope to be live again as soon as possible with log in & trading functionality. Withdrawals will be offline for a slightly longer period while we continue investigating the situation.
We have also contacted the relevant authorities in Singapore to assist us in tracking down the culprit and retrieving the stolen funds. We will update everyone when we have more news to share.
The flow of the stolen funds can be tracked here — https://bithomp.com/explorer/rwSvajJ4ZNhjgzcfaJWkEuLh4VURTFHuka . If you have any information about this breach, please contact us at email@example.com or DM us on twitter, @BitrueOfficial
Breakdown of stolen funds
The hacker(s) stole approximately $4.5 million USD worth of cryptocurrency, the majority of which was 9.3 million XRP and 2.5 million ADA.
50% of this sum ($2.25 million USD) was moved to private wallets, while the remaining 50% was moved to 5 exchanges — Huobi, Bittrex, ChangeNOW, Exmo.me, and Coinswitch.co.
Huobi, Bittrex and ChangeNOW froze the funds on their exchanges, totaling approximately $1.35 million. This frozen amount should be recoverable by Bitrue in the future after working with the authorities and exchanges.
After recovering the frozen assets, the net loss to Bitrue will be $3.15 million USD. This total includes $1.89 million USD lost from individual user accounts, and $1.26 million USD lost from Bitrue’s own hot wallet. The funds lost by user accounts were insured and were replaced from Bitrue’s own wallet.
Resumption of Service
Log in and trading services at Bitrue resumed at June 28 00:00 (GMT+8). The exchange was taken down about 30 minutes after the funds were moved away, due to the triggering of several warning systems. In total the exchange was down for 23 hours.
Withdrawal and deposit services were down for longer, but came back online early on July 4. Full service took a little longer than expected — we add XRP to accounts by scanning the XRP ledger for funds sent to our wallet. When Bitrue came back up we had to scan every block since the time that we went down until now. All 165,000 blocks that were created during the downtime have now been scanned & users have been credited.
We’re now gearing up to launch the trading of our platform token, Bitrue Token (BTR), on Thursday 4 July 2019 23:59 (GMT+8). We have analyzed our security systems and risk control processes and have made several improvements.
We also now offer an increase to the interest rate of users who both hold funds in their Power Piggy program and hold BTR in their accounts. More details can be found here https://www.bitrue.com/activity/online-hold-btr
Speaking of Power Piggy, one big change is that we will now put 100% (up from 70%) of Power Piggy user assets into our cold wallets, so hackers are physically unable to get to Power Piggy funds.
We are going to phase out the existing API keys for our API users on July 5 11:00 (GMT+8), as an extra security measure. Users will be able to apply for new API keys afterwards.
And finally, we’re also revealing our Bitrue Vault service, coming soon! Keep your coins safe in our cold wallets for free. Quickly move them into Power Piggy or withdraw them on a buffer of up to 24hrs. Even if your funds aren’t yet in Power Piggy, Bitrue Vault can maximize your asset safety