Published: September 16th, 2020
A group of hackers recently raided six hot wallets belonging to Eterbase and made away with $5.4 million worth of Bitcoin, Ethereum, Tezos, XRP, Algorand, and TRON, among other coins. The criminals transferred the crypto to their wallets, which Eterbase tracked to several cryptocurrency exchanges.
Eterbase, a cryptocurrency exchange based in Bratislava, has been compromised, and $5.4 million worth of crypto stolen. The exchange has revealed that hackers broke into its internal network and stole crypto in various coins. The incident, which was disclosed on Thursday, August 10, affected the company’s hot wallets only.
In a message posted on the popular instant messaging app, Telegram, the Slovakian exchange said that the majority of the stolen funds were in the form of Ethereum (Ether), which made up about $3.9 million of the almost $5.5 million that the thieves stole.
The hackers transferred the loot to addresses in Binance, HitBTC, and Huobi, among a few other exchanges. Eterbase has since contacted the support teams of the mentioned exchanges to help recover the stolen funds.
Further, Eterbase has initiated an investigation and has requested competing exchanges for their cooperation in restoring normalcy. In its message on Telegram, Eterbase informed the public that is has informed central exchanges where the hackers might send the stolen crypto.
The exchange rushed to put its platform on maintenance mode soon after learning of the breach. The homepage still contains an all-black official company announcement stating that the hot wallets have been compromised.
The company also suspended its operations and only resumed on Friday, September 11. However, it was quick to reassure customers that it had adequate reserves to continue operations. And it added that it had notified the authorities of the breach.
Eterbase moved to calm its users, saying that it will take every necessary step to ensure that the customers’ deposits do not suffer damage due to the attack.
Hot wallets are cryptocurrency wallets connected to the internet. Their nature makes them more susceptible to unauthorized access. And, their unshielded nature is the reason why most crypto exchanges often assume the responsibility of managing them on behalf of their customers.
Almost all known crypto hackings where funds have been accessed have been on hot wallets.
On Monday, September 14, Eterbase updated the progress made in recovering the stolen crypto. In the memo, the crypto exchange shared excerpts of a crime report prepared with the help of Uppsala Security and Confirm’s AML Platform.
The report indicated that Eterbase had filed a criminal complaint with Slovakia’s National Criminal Agency in Bratislava. While the exchange promised to post the complaint complete with all the details on its website, it revealed the various competing crypto exchanges where the funds were transferred to and the amount transferred to each of them.
The list includes 11 crypto addresses on Binance containing various crypto coins, among them Basic Attention Token (BAT), Compound (COMP), CoinSwitch (ZRX), Ether (ETH), Synthetix (SNX), Matic (MATIC), Tezos (XZT), and Algorand (ALGO).
Other details on the report include information about 16 cryptocurrency addresses on Huobi, including the amount of crypto transferred into them, and two addresses on HitBTC containing 120906.208406 BAT and 1000.000000 LINK coins, respectively.
Eterbase added that it would keep consistent track of the identified addresses. Further, it will provide an update complete with the data track of all the stolen coins. The total value of the cryptocurrency stolen stands at $5,381,498 (Approx. €4,560,592) as of Thursday, September 10, the Eterbase report added.
Aside from the cryptocurrencies mentioned above, the exchange said that Ripple, Bitcoin Cash, Cosmos, Litecoin, Tron, and BitcoinSV were also stolen.
Eterbase’s co-founder and CEO, Robert Auxt, said all the exchanges mentioned in the report are cooperating closely with the investigations. He added that it is fortunate that the bulk of the looted assets landed inside wallets hosted by the largest providers, Binance, Huobi, and CEX.i0.
The CEO expects the exchanges to present data trees to the Slovakian National Criminal Agency investigators beginning Tuesday, September 15, 2020. He added that since the whole event fits the bill of an offense touching on criminal concerns, he expects the submissions from the exchanges to end up in the Interpol and EUROPOL offices.
Robert said that he had identified a possible breach of Directive 5 of the European Union Anti-Money Laundering regulations.
Some of the stolen funds might get to the European payment area via Europe’s Binance gateway.
The hacking comes just a few days after the exchange completed an elaborate listing process that saw several assets included among tradeable coins on the platform. The coins in question are BZRX from the bZx Protocol and UMA.
It is not clear if the hackers got in by taking advantage of loopholes that might have been created during the mentioned additions.
The Eterbase hacking etches the incident into the list of the ten major hacks committed during the past 18 months. Last year alone, hackers raided 12 crypto exchanges making away with almost $300 million in cryptocurrencies and more than 500,000 million pieces of clients’ data.
Among the exchanges that suffered include the New Zealand-headquartered Cryptopia, which lost over $12 million, CoinBene of Singapore, which bled about $105 million worth of crypto assets, and Bithumb of South Korea from where thieves took almost $20 million.
Other exchanges that have suffered in the recent past include Binance, GateHub, Bitrue, BITPoint, and Upbit.
The Eterbase incident stresses the need for cryptocurrency exchanges to improve their security practices and up their industry standards. Patrick Thompson, the founder of Thompson Writing Company and a contributor for Cointelegraph, said that sadly, not much security improvements and legislation is happening.
Eterbase, a Slovakia-based cryptocurrency exchange, was recently hacked. The thieves made away with $5.4 million worth of virtual assets in the process. The exchange has launched investigations into the incident. Further, it has identified the destination addresses where the hackers transferred the loot and are working with the various exchanges hosting the said addressed to secure the stolen coins.