Update of June 2, 12:26 pm UTC: This article has been updated to include quotes of hacking analysts.
Bitopro, based in Taiwan, Bitopro confirmed a security violation that led to the loss of more than $ 11.5 million in digital assets from its hot wallets on May 8.
Suspicious transactions, which occurred through hot wallets on Ethereum, Tron, Solana and Polygon, saw asset overflows to decentralized exchanges (DEX) where they were then marked as sold, according to the ONCHAIN ZACHXBT investigator.
Despite the incident, Bitopro did not disclose the feat on X or Telegram for several weeks, Zachxbt said in an article on June 2 on X.
In relation: Bitcoin ‘Premium’ from Metaplanet approaches $ 600,000 per BTC
Blockchain data show that assets have been deposited in cryptocurrency mixer tornadques or a bitcoin bridge via Thorchain, models often used by hackers to make the funds anonymous and not found.
On May 9, Bitopro announced a maintenance period for the exchange, which was resolved the same day. However, many users have since said that they could withdraw the USDT (USDT).
Cointelegraph stretched out Bitopro to comment but had not received an answer at the time of publication.
In relation: Hoskinson promises the audit, is deeply injured ” by $ 600 million Cardano Treasury Claims
The exchange confirms the violation of the weeks later
Three weeks after the incident, Bitopro confirmed that he had undergone a portfolio feat. In a telegram of June 2, the exchange said that the violation had taken place during an upgrade of the portfolio system, when an attacker operated an “old hot portfolio” when the internal fund was reallitated.
The platform has “sufficient virtual asset reserves” and user withdrawals are “completely not affected,” said Bitopro.
The deposits, withdrawals and all the negotiation functions have remained operational, while a security blockchain security company was responsible for tracing the stolen funds, he added.
In a pressure for more transparency, Bitopro said that he would share the new hot portfolio address for an external survey in “a near future”.
DEFI protocols remain the best hacker targets
Pirates continue to target the growing value locked in exchanges and decentralized financing protocols (DEFI).
On May 22, the decentralized CETUS scholarship was operated for more than $ 220 million, but the validators managed to freeze $ 162 million, which was then returned to the protocol after a governance vote on May 30.
On June 2, the Nervos modular blockchain network was operated for $ 3 million in digital assets.
The stolen funds were all exchanged on Ether (ETH) via Tornado Cash, while the team “interrupted all contracts and actively investigates the incident,” said Cyvers alerts in a post of June 2 x.
Attackers were needed for more than six hours and multiple unsuccessful attempts to steal funds, according to analysts from the security company Blockchain Hacken.
“Access control failures are now one of the most critical threats to web3,” said a hacking analyst at Cointelegraph, adding that “the extractor” was specially designed to catch warning signs for similar exploits in real time.
https://www.youtube.com/watch?v=t06mvwz6ngm
Review: Coinbase Hack shows that the law will probably not protect you: here is why
