Cyber Incident Victim: Bitrue

On March 14, 2023, Singapore-based cryptocurrency trading platform Bitrue disclosed that approximately $23 million in digital assets was stolen from one of its hot wallets through a cyberattack. The attacker withdrew funds in multiple cryptocurrencies, including Ethereum (ETH), Polygon (MATIC), Shiba Inu (SHIB), Quant (QNT), GALA, and Holo (HOT). A hot wallet—connected to the internet for operational liquidity—represented the attack vector, though Bitrue emphasized this compromised wallet held less than 5% of the platform’s total funds. The company immediately suspended all withdrawals following the incident to conduct additional security reviews, intending to restore withdrawal functionality by April 18. Blockchain analytics firm PeckShield tracked the stolen assets, noting the attacker converted a portion into Ethereum. Bitrue pledged full reimbursement to affected users, mirroring its response to a prior 2019 breach that resulted in $5 million in losses from exploited vulnerabilities.

The incident highlighted Bitrue’s continued reliance on hot wallets despite inherent security risks, though the firm confirmed non-compromise of its offline cold wallets storing the majority of assets. While no additional technical details of the attack method were released, Bitrue initiated a comprehensive security assessment to identify weaknesses. The theft ranked among several high-profile cryptocurrency exchange breaches in early 2023, occurring shortly after decentralized finance platform Yearn Finance reported an $11 million cyberheist. Bitrue’s prioritization of customer reimbursement and service resumption aligned with its established incident response approach, emphasizing fund recovery without operational disruption beyond the temporary withdrawal pause. Financial losses were confined exclusively to the company’s holdings, with no direct impact reported on individual user accounts outside the compensation guarantee.