Bitrue has become the latest cryptocurrency exchange to suffer a major cyber-attack, losing an estimated $4.5m in customer funds in the process.
The Singapore-based company revealed the security breach in a series of tweets early this morning.
“At approximately 1am June 27 (GMT+8), a hacker exploited a vulnerability in our Risk Control team's second review process to access the personal funds of about 90 Bitrue users,” it said.
“The hacker used what they learned from this breach to then access the Bitrue hot wallet and move 9.3 million XRP and 2.5 million ADA to different exchanges.”
At current prices, that makes it around $4.25m in Ripple (XRP) coins and $225,000 in Cardano (ADA) coins.
Bitrue seems to have acted promptly to respond to and contain the incident: suspending activity temporarily on the exchange while it investigated and alerting exchanges Huobi Global, Bittrex and Change Now to freeze affected funds and accounts.
“Please note that at the time, due to uncertainty about the current situation, we stated that the exchange was going down for some unplanned maintenance. We apologize for this miscommunication with our users,” Bitrue continued.
“Once again, I want to assure everybody that their personal funds are insured, and anybody affected by this breach will have their funds replaced by us as soon as possible.”
The exchange also posted a link for users to monitor the flow of stolen funds, and alerted the Singaporean authorities of the cyber raid in an attempt to find the culprit and retrieve the stolen funds.
Most customers responding on Twitter have been sympathetic to the exchange’s plight and appreciative of its transparency — although this would no doubt change if they weren’t getting their money back.
A report from earlier this year revealed that cryptocurrency exchanges lost $1.2bn from fraud and cyber-attacks — versus an estimated $1.7bn for the whole of 2018.