As at the time of the breach in around 1 a.m. GMT+8 June 27, the stolen funds would have been worth over $4.5 million in XRP (valued at $0.488) and $237,500 in ADA (valued at $0.095), according to CoinMarketCap data.
The exchange stated that a purportedly single hacker first “exploited a vulnerability in our Risk Control team's 2nd review process to access the personal funds of about 90 Bitrue users,” subsequently using this first experience to access the exchange’s hot wallet and steal the cryptocurrency.
According to Bitrue, the attack was swiftly detected and the hacker’s activity suspended by the exchange. Bitrue reportedly notified the receiving exchanges of the incoming ill-gotten funds, specifically Huobi, Bittrex and ChangeNOW whom it credits with helping to freeze the relevant transactions and accounts.
The statement assures exchange users that “their personal funds are insured,” and that all those “affected by this breach will have their funds replaced by us as soon as possible.”
Currently, Bitrue says it is conducting an emergency inspection of the platform and aims to return to live service functionality as soon as possible — with log-in and trading support expected to relaunch sooner than withdrawals, which will remain offline for a longer period.
Bitrue provides the public with a link to trace the flow of funds on the XRP block explorer, and also states that it has contacted the Singaporean authorities to seek help in identifying the perpetrator.
An update is expected from the exchange once more has been learned of the incident.