Singapore-based cryptocurrency exchange Bitrue has reportedly suffered a security incident that saw 90 of its account holders lose their digital assets.
The security breach, which was carried out at around 1.00AM local time, resulted in the loss of 9.3 million XRP coins as well as 2.5 million Cardano (ADA) valued at $4.01 million and $231,800 respectively totaling about $4.3 million as of the time of the attack.
The exchange announced the attack on Twitter early Thursday morning following the disablement of trading on the platform. The exchange made a statement in a series of tweets stating that the affected users’ balances will be fully reinstated.
Apparently, the funds were insured. “First of all, please let us assure you that this situation is under control, 100% of lost funds will be returned to users, and we are reviewing our security measures and policies to ensure this does not happen again,” one of the tweets read.
According to a preliminary investigation by the exchange, it seems that only a single hacker was responsible for the incident. The statement by the exchange further read that:
“A hacker exploited a vulnerability in our Risk Control team’s 2nd review process to access the personal funds of about 90 Bitrue users. The hacker used what they learned from this breach to then access the Bitrue hot wallet and move 9.3 million XRP and 2.5 million ADA to different exchanges.”
Bitrue tracked the movement of the funds to other exchanges and moved swiftly to arrest any further movement. The exchange contacted these receiving exchanges including Huobi, Bittrex, and ChangeNow who consequently moved fast to freeze the funds.
A Thursday afternoon update shows that other funds were also sent to EXMO exchange which also froze the funds once they were sent to their platform. As of press time, Bitrue has not released any official figures on the number of coins that they have gained back control of but it is comforting to know that whoever lost their coins will be reimbursed fully.
The hack comes just weeks after a similar attack on the leading cryptocurrency exchange Binance that saw the exchange lose more than $40 million at the time. Binance also reimbursed the affected victims’ balances fully from their insurance fund called SAFU.
As of press time, Bitrue has reenabled login to its platform as well as trading services but deposits and withdrawals will remain unavailable for the next three days.