Crypto exchange Bitrue announced this morning that it had identified an exploit in one of its hot wallets.
The attacker was able to withdraw assets valued at approximately $23 million in Ethereum (ETH), Quatn (QNT), GALA, Shiba Inu (SHIB), Holo (HOT), and Polygon (MATIC).
Hot wallets are a type of crypto wallet used to store cryptocurrencies that are connected to the internet and easily accessible. These are, however, more vulnerable to cyberattacks and theft than cold wallets, which are not connected to the internet.
According to blockchain security firm PeckShield, the attacker swapped 173,000 QNT, 22.55 billion SHIB, 46.4 million GALA, and 310,000 MATIC for ~8,540 ETH and withdrew to this Ethereum address. The address currently holds $3.2 million worth mainly in SHIB and HOT.
Bitrue reported that the affected hot wallet only held less than 5% of the exchange’s overall funds. They have suspended withdrawals from the exchange until April 18.
In 2019, the exchange suffered another attack where around $5 million worth of Ripple (XRP) and Cardano (ADA) tokens were drained from Bitrue due to a vulnerability in their internal review processes, allowing attackers to gain access to customer accounts.