Cyber Incident Victim: BtcTurk
Date:
Jun 2024
Location:
Turkey
Summary
A Turkish cryptocurrency exchange experienced a significant cyberattack targeting hot wallets holding 10 cryptocurrencies, prompting an immediate suspension of deposits and withdrawals to contain the breach. While cold wallets remained secure and the platform assured users its financial reserves exceeded losses, the incident triggered a 10% price drop in AVAX after approximately $54.2 million worth of the cryptocurrency was traced to external exchanges, followed by over $46 million in Bitcoin withdrawals. Binance froze $5.3 million of the stolen assets and is assisting the investigation, highlighting ongoing challenges in exchange security despite regulatory compliance measures.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On June 22, 2024, BtcTurk, one of Turkey’s largest cryptocurrency exchanges, experienced a significant cyberattack targeting its hot wallets holding 10 different cryptocurrencies. The exchange immediately suspended all cryptocurrency deposits and withdrawals to contain the breach, emphasizing that cold wallets containing the majority of user assets remained uncompromised. BtcTurk publicly assured users that its financial reserves exceeded the losses incurred and that customer assets would not be affected. The company initiated an internal investigation and engaged official authorities to assist with the incident response. Users were directed to monitor transaction statuses via the platform’s status page during the suspension of services.
The attack triggered immediate market repercussions, notably causing a 10% price decline in AVAX, a cryptocurrency linked to the breach. On-chain investigator ZachXBT identified suspicious transactions involving 1.96 million AVAX (valued at $54.2 million) transferred from the attacker’s address to Coinbase and THORChain. Subsequent withdrawals of over $46 million in Bitcoin from Coinbase and Binance followed, including 587.75 BTC ($38.1 million) moved from Coinbase to a specific Bitcoin address and 122.66 BTC ($7.95 million) withdrawn from Binance to another address. These transactions sparked community scrutiny regarding exchange security protocols, particularly questioning how large-scale withdrawals bypassed compliance controls. Binance responded by freezing $5.3 million of the stolen assets and collaborating with BtcTurk’s investigation, with CEO Richard Teng confirming ongoing security efforts. In contrast, Coinbase did not freeze funds due to internal policy limitations, highlighting divergent responses between exchanges despite regulatory oversight. ZachXBT criticized the broader inefficacy of KYC and compliance frameworks in preventing such incidents, noting that regulated exchanges often lag in practical threat response compared to proactive platforms like Binance.