Hacked Singapore crypto exchange Bitrue loses $5M in user assets

A cryptocurrency exchange in Singapore has been hacked, resulting in millions of dollars in losses for the firm, according to reports.

Bitrue, which is based in the city-state, lost over 9.3 million XRP and 2.5 million Cardano (ADA), after hackers gained access to funds stored in a hot wallet environment.

According to the exchange, the hack is the work of a single individual, who managed to circumvent platform security earlier by gaining access to a small number of accounts.

At approximately 1am June 27 (GMT+8), a hacker exploited a vulnerability in our Risk Control team's 2nd review process to access the personal funds of about 90 Bitrue users.

— Bitrue (@BitrueOfficial) June 27, 2019

Since then, the hacker is reported to have used the experience to carry out this much larger attack, which will now cause problems for those that were holding money on the exchange.

In response to the hack, Bitrue said the problem had been contained, and that they had taken steps to notify receiving cryptocurrency exchanges, specifically Huobi, ChangeNOW and Bittrex, which it says have cooperated in helping to freeze illegitimate transactions.

Fortunately, the firm has insurance cover in place to protect client funds, and Bitrue has told those affected that their funds will be replaced as soon as possible.

Nevertheless, the case shows yet again the risks of holding cryptocurrency with an exchange, at a time of increasingly prevalent cryptocurrency hacks, frauds and scams.

The Bitrue hack is only the latest apparently successful attempt from hackers to make off with millions in cryptocurrency as a result of exploiting security loopholes in exchange platforms.

Bitrue said it was now carrying out a thorough review and investigation into the platform, with plans to restore functionality as soon as possible. Withdrawals are expected to remain closed for some time, though traders are expected to get access to log-in and trading support much sooner.

The firm has said it is in touch with Singaporean law enforcement over the hack, and that it is working with other agencies to monitor the movement of funds seized in the attack.

The exchange hopes to be able to recover at least some of the money lost, if not from the hackers themselves from the theft insurance in place covering Bitrue client funds.

It remains to be seen whether this be possible.