- Hackers drained Bitrue’s wallet for $23 million.
- Bitrue has two insurance wallets, with assets just under $23 million.
- It is not clear whether this was Bitrue’s only hot wallet.
Hacks are proving to be stunningly common in the crypto industry. The latest hack of a centralized exchange raises questions about its security and risk management practices.
Crypto exchange Bitrue reported a security breach in one of its hot wallets on Friday. The attackers were able to withdraw around $23 million worth of ETH, QNT, GALA, SHIB, HOT, and MATIC.
Bitrue claims that the affected held less than 5% of Bitrue’s overall funds and that the rest of the wallets remain secure. They also promised to provide transparency throughout the process.
Sponsored
This is likely little consolation to depositors who could not withdraw their funds. In its announcement, the exchange said it would pause withdrawals until April 18 to “conduct additional security checks.”
Despite promises that Bitrue would reimburse all depositors, some users remain skeptical about Bitrue’s ability to pay the money back.
Bitrue Insurance Fund Raises Questions
As it happens, Bitrue set up an insurance fund that would protect depositors in the event of a hack like this. However, how this fund is set up raises questions about its security practices.
Sponsored
In December 2022, Bitrue announced it created two insurance wallets, which would guarantee depositors in a hack.
“In the unlikely event of a security breach resulting in user funds being taken from our hot wallets, users will be reimbursed using this insurance fund,” the exchange wrote.
Significantly, Bitrue promised that these wallets would contain an amount “exceeds the value of the coins that remain within our hot wallets at any one time.”
The two insurance wallets still hold 41.049 million XRP tokens and 40 million Bitrue coins. These holdings are currently worth $21 million and $1.3 million, slightly less than the hacked amount.
A potential explanation is that the Bitrue token dropped 5% after the hack, bringing the total slightly below the amount in its hot wallet.
This raises the question of whether Bitrue only had one hot wallet. If so, this would have created a single point of failure for the exchange.
Bitrue’s earlier statement about its insurance fund references multiple hot wallets. If Bitrue had multiple hot wallets, this raises questions about the firm’s claims of holding enough collateral to cover the assets in these hot wallets.
On The Flipside
- There is currently no indication whether Bitrue had multiple hot wallets and what the amounts in these wallets are.
- DailyCoin contacted Bitrue with questions about its hot wallet(s). The exchange did not respond by the time of this publication.
Why You Should Care
The Bitrue incident shows that using an exchange’s native token as insurance or collateral is not good risk management. This is because the value of these tokens tends to drop if the underlying project is in trouble.
Read about another recent hacking incident:
SafeMoon Hacker ‘Accidentally’ Steals $8.9M. Wants to Return Everything
Read more about the latest CFTC attack against Binance:
Binance Lawsuit: CFTC Chief Doubles Down on Accusations Against Exchange
