Bitrue Hack Raises Questions About Security

• Hackers drained Bitrue’s wallet for $23 million. 
• Bitrue has two insurance wallets, with assets just under $23 million. 
• It is not clear whether this was the only Bitrue’s hot wallet. 

Hacks are proving to be stunningly common in the crypto industry. The latest hack of a centralized exchange raises questions about its security and risk management practices. 

Crypto exchange Bitrue reported a security breach in one of its hot wallets on Friday. The attackers were able to withdraw around $23 million worth of ETH, QNT, GALA, SHIB, HOT, and MATIC. 

Bitrue claims that the affected held less than 5% of Bitrue’s overall funds, and that the rest of the wallets remain secure. They also promised to provide transparency throughout the process. 

This is likely little consolation to depositors who were left unable to withdraw their funds. In its announcement, the exchange said it would pause withdrawals until April 18, to “conduct additional security checks.” 

Despite promises that Bitrue would reimburse all depositors, some users remain skeptical about Bitrue’s ability to pay the money back. 

Bitrue Insurance Fund Raises Questions

As it happens, Bitrue set up an insurance fund that would protect depositors in the event of a hack like this. However, the way that this fund its set up raises questions about its security practices. 

In December 2022, Bitrue announced it created two insurance wallets, which would serve to guarantee depositors in the case of a hack. 

 “In the unlikely event of a security breach resulting in user funds being taken from our hot wallets, users will be reimbursed using this insurance fund,” the exchange wrote. 

Significantly, Bitrue promised that these wallets would contain an amount “exceeds the value of the coins that remain within our hot wallets at any one time.” 

The two insurance wallets still hold 41.049 million XRP tokens and 40 million Bitrue coin. These holdings are currently worth $21 million and $1.3 million, which is slightly less than the hacked amount.

A potential explanation for this is the fact that Bitrue token dropped 5% after the hack, bringing the total slightly below the amount in its hot wallet. 

This raises the question of whether Bitrue only had one hot wallet. If so, this would have created a single point of failure for the exchange. 

Bitrue’s earlier statement about its insurance fund references multiple hot wallets. If Bitrue had multiple hot wallets, this raises questions about the firm’s claims of holding enough collateral to cover the assets in these hot wallets. 

On The Flipside

• There is currently no indication whether Bitrue had multiple hot wallets, and what the amounts in these wallets are. 
• Dailycoin reached out to Bitrue with questions about its hot wallet(s). The exchange did not respond by the time of this publication. 

Why You Should Care

The Bitrue incident shows that using an exchange’s native token as insurance or collateral of any kind is not a good form of risk management. This is because the value of these tokens tends to drop if the underlying project is in trouble. 

Read about another recent hacking incident. 

SafeMoon Hacker ‘Accidentally’ Steals $8.9M. Wants to Return Everything

Read more about the latest CFTC attack against Binance

Binance Lawsuit: CFTC Chief Doubles Down on Accusations Against Exchange