Pages:
Author

Topic: [2021-04-30] Hotbit announced a possible leak of user data (Read 200 times)

legendary
Activity: 3472
Merit: 3507
Crypto Swap Exchange
I saw that they mostly came back with all function.
whether anyone can confirm that deposit and withdrawal working normally on Hotbit?
For some coins (which I follow) Coinmarketcap still hasn't regular update of the trading volume. For example IDNA had last update 390 hours ago. although I see that there is still some trade going on there.
legendary
Activity: 2618
Merit: 1505
So today, basically, the hotbit exchange has restored its functionality, which of course is very good for users and they have not lost their funds, the latest news on the recovery:

Deposit ERC20 token but not received

the node of ERC20  chain have a delay. You need to queue and wait for the deposit processed by the system automatically.

Please wait for 3~5  hours for deposit.Height is syncing

hero member
Activity: 3010
Merit: 794
Their last update was on May 9 but it seems they do able to fix it out and might able not to post the updates.

May 9th, 2021

02: 30 AM UTC More than 95% of the environment has been built, and the final performance optimization and security testing are carried out continuously to repair the inconsistency problems found in data verification. We will announce the relatively accurate external recovery steps of the platform in 12 hours


Source: https://hotbit.zendesk.com/hc/en-us/articles/1500008915521-

Checked out that the market is live and you can make out deposits.The only problem ive been encountering is on withdrawals where it does only show loading on sign.
legendary
Activity: 2618
Merit: 1505
In general, as promised by the support of Hotbit, the exchange platform, although not as smoothly as we would like, but still launched today, they promise to gradually restore the deposit and withdrawals. The work of the website and the mobile application now display information in different ways, but gradually, as Hotbit promises, everything will work correctly.. Now, as far as it can be understood, the exchange bots are trying to align the exchange prices within the market in accordance with the market, the latest news can be read at the links: https://t.me/Hotbit_announcements   https://hotbit.zendesk.com/hc/en-us/articles/1500010421801- https://hotbit.zendesk.com/hc/en-us/articles/1500010420041-

The Announcement Regarding Hotbit’s Puppy Carnival Event
The Details of The Event Are Listed As Below:

1. All Hotbit users will leveled up to V8 for one month. According to the rate of transaction fees based on V8 level, the maker’s rate of trading transaction fees of all projects in Global Select area will be -0.05%, which means that after successfully settling and finishing the maker orders they placed, the users will receive an extra 0.05% of bonus; the taker’s rate of trading transaction fees of all projects in select area will be 0.06%, which means that the rate of trading transaction fees for takers will be 0.06%, which is known to be one of the very discounted rates on the market.

2. Hotbit platform will adjust the rate of transaction fees for all projects under puppies sectionfor one month. During the period of adjustment, the rate of transaction fees for all projects under puppies section will be exactly the same as the rate of transaction fees for all projects in Global Select area.

3. We will launch “Deposit And Receive 1‰ Bonus” event for all projects in puppies sections within 24 hours after relaunching the deposit function of Hotbit platform. During the event, there will be no maximum limit for the bonus! The duration of the event will be 05:00, May 12th, 2021 - 05:00, May 13th, 2021 (UTC). All rewards of the event will be distributed to all relevant users’ accounts within five business days after the event terminates.

4. We will comprehensively raise the incomes of POS and incentive plans of all projects under puppies section; the APY of SHIB will be adjusted to 3.65%; and the APY of all other projects under puppies sectionwill be adjusted to 5%. The abovementioned incomes will be generated from the withdrawal transaction fees of the platform and the extra subsidy of Hotbit. We will also launch the POS income products for those projects that involve the concept of liquidity acquisition. Hotbit will provide a further 5% incomes based on actual rate of acquisition.

Duration of Adjustment: 04:00, May 13th, 2021 - 04:00, June 12th, 2021 (UTC)

(The incomes are generated from the trading transaction fees of the projects under puppies section and the subsidy provided by Hotbit)

The tokens involved in the above-mentioned event are: DOGE、SHIB、LEASH、AKITA、PET、NYAN、DOGIRA、FEG、FEGBSC、ASS、POODL、PIG、SBEAR、KANGAL、SAFEMOON
.



Hotbit’s trading, deposit and withdrawal services are set to be recovered soon. Click here for detail

Before the services are fully recovered, it is recommended that you read our previous announcements regarding the progresses of Hotbit’s service recovery process.

Nevertheless, we would still like to remind you regarding the following issues and concerns:

 ⚠️1.Considering the fact that we have already canceled all orders placed by our users, and it takes some time for the market makers to gradually recover the provision of liquidity, it may lead to the fact that, during the first couple of hours or days after we relaunch the trading function, the prices of certain projects may significantly deviate from their market prices due to insufficient liquidity. Please do not conduct any trading activities of which the prices deviate from your expected prices. Instead, all you need to do is to place your orders in advance according to your expected prices, or or patiently wait until the withdrawal function to be restored.

⚠️2.It is expected that, during the first couple of hours or days after we recover our services, there will be a huge influx of user traffic on Hotbit platform, which may leads to system instability and lower user experience. Please do arrange your schedule rationally to avoid the peak hours. No need to rush, as everything will be recovered in order.

⚠️3.The deposit addresses of all your assets have all been modified, please do not use your previous deposit addresses to deposit any assets into your Hotbit accounts!

⚠️4.We have noticed that the projects under puppiessection has recently become the new hot spot of the market. Hence, we have designed special events for the projects under puppies section that last for 24 hours. Please click here for more details . Considering the fact that the events involve rewards for deposits, during the event, the withdrawal function of all projects under puppies section will be temporarily unavailable. After the event finishes, the withdrawal function of all relevant projects will be resumed immediately.

⚠️5.If you have deposited any assets during the previous two weeks of maintenance and service suspension period, please wait patiently for our ongoing progress recently regarding the arrival of deposit transactions. In case that the assets you deposited during the maintenance and service suspension period still haven’t arrived into your Hotbit account(s) after May 21st, 2021, please contact our customer service team ( click here (https://hotbit.zendesk.com/hc/en-us/requests/new) for support ticket).

⚠️6.The level of your Hotbit account(s) will be automatically raised to the highest level (V8) by the system for one month, which allows you to enjoy the best rates of taker transaction fees in all Hotbit sections (taker transaction fees of projects in selected section will be 0.06% only).

After several rounds of discussion, Hotbit team now confirms and publishes the recovery plan of Hotbit’s trading, deposit and withdrawal functions as below:

⏰May 12th, 2021

🔅04:00 AM UTC- Gradually recover the trading function of all projects on Hotbit platform
🔅05:00 AM UTC- (Based on the prerequisite that the trading system remains stable) Recover the deposit function of all projects based on BSC and TRC 20 mainnet, recover the deposit function of BTC.
🔅03:00 PM UTC-- Recover the withdrawal function of all projects based on BSC and TRC 20 mainnet (the withdrawal function of all tokens under puppies section will be resumed after the event finishes). Recover the withdrawal function of BTC. Recover the deposit function of all projects based on ERC 20 and HECO mainnet.

⏰May 13th, 2021
🔅05:00 AM UTC -- Recover the withdrawal function of all projects based on ERC 20 and HECO mainnet (the withdrawal function of all tokens under puppies section will be resumed after the event finishes)
 
⏰May 14th - May 21st, 2021
🔅Gradually recover the deposit and withdrawal functions of all projects based on various mainnets such as DOT, FIL, HNS, KDA, DOGE and LTC etc.
.


legendary
Activity: 2618
Merit: 1505
At the moment, the entrance to the hotbit exchange is open to users, the first time you log in, you need to change your password to log in, then you can log in to your account and check your funds on the account. Some users complain about the inability to log in to the account after changing the password, representatives of the exchange recommend waiting for some time and trying again, as due to the huge number of requests, there may still be failures in the work. And another update from hotbit exchange support: https://t.me/Hotbit_announcements  https://hotbit.zendesk.com/hc/en-us/articles/1500009979481-The-Announcement-Regarding-Hotbit-s-Service-Recovery-Process

The Announcement Regarding Hotbit’s Service Recovery Process

Dear Hotbit users,

We are back ! Everything will be fine within a week.Thanks for the waiting!

Before fully recovery, please read and pay attention to the following notices carefully:

⚠️1.You will be requested to change password after first login to guarantee the security of your account.
⚠️2.All of your placed orders have been mandatorily canceled to prevent loss due to market fluctuations.
⚠️3.Deposit addresses of all your assets have been changed for security reasons. Please do NOT use your previous deposit addresses again or it will take very long time to get your assets back .
⚠️4.If you have deposited any assets into your Hotbit account(s) during 04:00 PM, April 29th, 2021 - 00:00 AM, April 30th, 2021 (UTC), please wait patiently, your deposit will arrive in your account(s) before May 14th; Meanwhile, if you have deposited any assets during the maintenance, your deposit will arrive in your account(s) before May 26th. If you haven't get your transfer on Hotbit account after May 26th , please submit a support ticket to us and our customer service team  will register it for you.
⚠️5.To prevent the loss caused by holding the positions, all of your leveraged ETF positions have been forcibly liquidated according to the announcement here .
⚠️6.Before the resumption of trading services, the estimated price(s) of your asset(s) displayed by the system is (are) incorrect. Please temporarily ignore the wrong numbers, as everything will be normal after trading services being online.

⚠️7.The recovery of APP will be slightly later than that of website. Please pay attention to our announcements for further notices.

Below are the schedule came from tech team after lots of discussions. Considering the gigantic size of Hotbit's system and user data, it's possilbe that some services might be unstable at the beginning but it will be solved quickly. Meanwhile, it is also expected that a huge number of users (mainly users of SHIB, DOGE or assets of meme section) may cause system overload as well. Hence, the accurate and detailed time of recovery still depends on actual situations.

⏰04:00 AM , May 10th, 2021 (UTC), Relaunch the functions regarding login, registration, the browsing of assets and data. Meanwhile, we will start the distribution of various types of incomes. Before the recovery of all other services, the accuracy of historical data is the most important factor. Hence, despite the fact that we have finished the verification regarding the data of all historical assets, we still strongly recommend you to check and verify your assets carefully. If you have any concerns or queries, please submit a support ticket to our customer service team for further verification.

⏰04:00 AM , May 12th, 2021 (UTC), Spot trading services for all the assets will be gradually restarted.

⏰04:00 AM , May 13th, 2021 (UTC), After finishing the distribution of various types of incomes including interests, profits of investment section and dividents of cloud mining etc, we will relaunch the service of investment section, including functions like purchase, redemption and asset transfers.

⏰Before 03:00 PM, May 14th, 2021, Gradually relaunch deposit and withdrawal services based on the testing results. BTC, ERC20 and BEP20 will be top priorities. And Considering there are over 100+ mainnets supported by Hotbit, the recovery process regarding the deposit and withdrawal functions of all mainnets may last longer. It is now expected that we will resume all no later than May 21st, 2021 if all other things are fine. We will publish real-time announcements regarding the order and progress of all recovery procedures in our official Twitter and Telegram. And there will be no limitation on the volume of withdrawals for all accounts as Hotbit always supported.

⏰04:00 AM , May 16th, 2021 (UTC), Finish the calculation and liquidation of all assets in leveraged ETF section and relaunch ETF trading service.
.


Due to a huge influx of visits from our users, some users may encounter the problems that their asset interface appears to be blank or remains unstable. In case that any of the above mentioned problems occurred, please refresh your web page for several times and wait patiently for a while. All assets will be displayed soon.

At the same time, we’re also optimizing relevant functions. We suggest that you should avoid the current peak time and log in later to check the assets and change the password.
.

legendary
Activity: 2618
Merit: 1505
Soon, according to the assurances of Hotbit, they will announce an approximate date for the launch of the exchange, rather tonight or something around this time, but for now just another message about the progress made to date on the restoration. https://t.me/Hotbit_announcements/5441  https://hotbit.zendesk.com/hc/en-us/articles/1500008915521-Hotbit-s-Announcement-on-Emergency-Maintenance

The daily progresses regarding our restoration process are listed below (the progress will be updated continuously on a daily basis until the site is fully recovered)
May 9th, 2021
2: 30 AM UTC More than 95% of the environment has been built, and the final performance optimization and security testing are carried out continuously to repair the inconsistency problems found in data verification. We will announce the relatively accurate external recovery steps of the platform in 12 hours
.

legendary
Activity: 2618
Merit: 1505
The daily digest of the process of preparing for the restart (according to the representatives of the exchange) of the Hotbit exchange continues after a week since the incident as of May 8, the recovery process continues and, as Hotbit states, the approximate timing of the restart will be announced tomorrow. https://t.me/Hotbit_announcements/5439 https://hotbit.zendesk.com/hc/en-us/articles/1500008915521-Hotbit-s-Announcement-on-Emergency-Maintenance

The daily progresses regarding our restoration process are listed below (the progress will be updated continuously on a daily basis until the site is fully recovered)

May 8th, 2021 All processes are as follows
Apart from modules of investment functions, we have almost finished the deployment of other modules. Currently, we’re still conducting manual verifications on certain suspicious problems reflected by the results of data verification processes within these days. Besides that, based on certain results of testing, we’re also in the progress of some minor updates on trading servers. It is expected that we will provide our users with comparatively accurate processes and schedules regarding the relaunch of our platform and services tomorrow.

May 7th, 2021
02:00 PM UTC   The testing of the API is in progress. Third-party security team started to conduct security evaluation testing.
.

legendary
Activity: 3556
Merit: 7011
Top Crypto Casino
That's a shame. At one end we are forced to do KYC at all exchanges where we want to trade to avoid money laundering and other stuff but on the other hand there is no check and balance on the exchanges on how they store our personal data. Unfortunately i also had an KYC account there, although i had no funds in that exchange at the moment.
Yeah, I totally agree--as with any other company out there, if they want our personal data they should at least have strong security in place such that it doesn't get hacked.  That's assuming it was hacked and not sold, that the story they're giving us is the truth.  Who knows if that's the case.  And you're fortunate that you didn't have any funds on Hotbit and smart not to have left any on there.  Nobody should be leaving coins on any exchange longer than overnight if they don't want to lose them.

This shit always happens when the price of bitcoin is soaring.  I wouldn't be surprised if this isn't indeed the start of an exit scam.
legendary
Activity: 2618
Merit: 1505
Hotbit publishes the next progress in restoring the exchange's functionality, according to their statements, the process is moving quite quickly, however, they do not report the opening of the exchange in the near future, so there is no hope for an early opening. Despite everything that is happening, Hotbit makes an announcement about the listing of One Basis Share (OBS), which is certainly strange against the background of all that is happening https://hotbit.zendesk.com/hc/en-us/articles/1500009503281

The daily progresses regarding our restoration process are listed below (the progress will be updated continuously on a daily basis until the site is fully recovered)

May 7th, 2021
07:30 AM UTC  Almost finished the verification of data. Started the testing of the API functions between trading servers and market makers.
01:30 AM UTC  Finished the recovery and restoration of data in investment modules, started the verifying of data.

May 6th, 2021
02:30 PM UTC  Testing and debugging of trading servers in progress.
08:00 AM UTC We are still processing recovery the data of investment modules.
(The incomes due and payable during our recovery and restoration period will be paid to all relevant users’ accounts after our platform is fully recovered).
02:30 AM UTC  The recovery processes regarding the data of user registration, deposits and withdrawals and orders are nearly finished. Currently, we are also recovering the data of investment modules.
.

legendary
Activity: 2618
Merit: 1505
Hotbit continues to keep a report in its diary describing the steps to restore the exchange's functionality(I would like to believe that they are frank) you can watch the operational update in telegram https://t.me/Hotbit_announcements or on the website https://hotbit.zendesk.com/hc/en-us/articles/1500008915521-or on their official twitter account https://twitter.com/Hotbit_news

The daily progresses regarding our restoration process are listed below (the progress will be updated continuously on a daily basis until the site is fully recovered)

May 5th, 2021
01:30 PM UTC Starting to configure deposit and withdrawal servers. Testing of trading services in progress. (Just as we have mentioned in our initial announcement, the recovery process involves the recovery of both servers and data. The accurate and precise recovery can only be realized after finishing the recovery of both servers and data. Hence, even if the trading, deposit and withdrawal servers are recovered, we are still unable to launch the deposit, withdrawal and trading services immediately).
07:30 AM UTC The work of data reconstruction and recovery from the historical backup point to the time of attack is still in progress.
02:30 AM UTC  Finished the recovery of historical backup data, starting to conduct the reconstruction and recovery process of all data generated between backup point and the time point that the hacking attack occurred. (The backup processes are conducted once in a certain period of time, normally on a daily basis. We are now recovering the data starting from our most recent backup. Considering the huge volume of data on our platform, we normally conduct the backup process more frequently than once everyday).

May 4th, 2021
01:40 PM UTC  Starting to conduct various testings on trading server.
07:30 AM UTC  Finished 50% of database import
02:30 AM UTC  Finished the deployment of all servers, conducting encryption on configuration parameters.
.

hero member
Activity: 3010
Merit: 794
Quote
We initially expect that the recovery period will last about 7-14 days.

I am very suspicious here about the ownership accounts and the funds on them. Certainly, this does not instil in me confidence in the security of their platform.
Luckily i was able to sell my PCL(Peculium) into this exchange before on the said hacking incident which it did really save up my ass on experiencing on locked up funds as there's no other exchange where i can sell off those coins aside from Bitmart(which does have KYC) and this one.

Based up on experience, i dont have any problems but im aint really a regular user and just intently sell off coins for the first time and newly created accounts does have 24 hours  hold of funds.

The good side of them is that they are active on making out some updates about the progress of such recovery but i wont be surprised if they'll get hacked once again in the future.
If they are really having that week to week basis maintenance then i do saw its a bit exaggerated.
legendary
Activity: 3472
Merit: 3507
Crypto Swap Exchange
I frequently use Hotbit in the last six+ months. they very often have some maintenance time, which always lasts almost one day. this gave me the impression that their exchange was not well coded. Even if they say that is planned maintenance, why they do it once a week?
Now they are under attack, this has been a long time now and it seems like they are doing everything from the beginning, and it won't be finished very quickly.

This is his last statement: https://hotbit.zendesk.com/hc/en-us/articles/1500008915521-
Quote
Hotbit team has shut down all services for inspection and restoration immediately, and the overall recovery period is expected to be no less than 7 days.

and
Quote
We initially expect that the recovery period will last about 7-14 days.

I am very suspicious here about the ownership accounts and the funds on them. Certainly, this does not instil in me confidence in the security of their platform.
legendary
Activity: 2618
Merit: 1505
The official Hotbit announcement channel continues to promptly notify users about the progress of ongoing work to restore the exchange's functionality here is a fresh announcement on the channel  https://t.me/Hotbit_announcements:

The daily progresses regarding our restoration process are listed below (the progress will be updated continuously on a daily basis until the site is fully recovered)

May 4th, 2021
02:30 AM UTC  Finished the deployment of all servers, conducting encryption on configuration parameters.

May 3rd, 2021
01:00 PM UTC  Install and set the database service, start to verify the data and to recover the deleted data.
07:30 AM UTC Install various security patches and configure security
.

legendary
Activity: 2618
Merit: 1505
Hotbit continues to publish in its telegram channel current updates on the progress of work to restore the functionality of the exchange system and the progress made https://t.me/Hotbit_announcements

The daily progresses regarding our restoration process are listed below (the progress will be updated continuously on a daily basis until the site is fully recovered)

May 3rd, 2021
2:00 AM UTC Approximately 90% of server basic system restoration is finished.

May 2nd, 2021
01:00 PM UTC The security assessment is passed, Hotbit has started to migrate the transaction server database
.

legendary
Activity: 2618
Merit: 1505
Hotbit publishes daily progress in its telegram channel https://t.me/Hotbit_announcements related to our recovery process, progress will be continuously updated daily until the site is fully restored.

May 2nd, 2021

03:00 AM UTC  The restoration and deployment of system environment are still in progress, with approximately 40% of restoration finished.
10:00 AM UTC  Hotbit's internal security team is conducting security audit together with the external security team to evaluate the security level of the whole process. If the security level assessment is passed, the migration of the transaction server database will start.

May 1st, 2021
Complete the plan of the new architecture, with approximately 200 servers in the process of reinstallation of system environment.

April 30th, 2021
Reformulate the deployment process of environment system and establishment plan of secure environment, transfer assets from hot wallets to cold wallets

hero member
Activity: 2114
Merit: 619
It's really shameful how easily these websites leak user data after ensuring our safety while asking for KYC. Even if it is not a setup for exit scam and if all this has actually happened it still is pretty bad for all the folks whose data would now be easily available on Dark Web for sale. These carless exchanges don't focus even a bit on customer security and data breaches all they aim at is minting money.
 
This isn't something easily brush off by saying that the customer funds are safe because we will never know if the leak was an extensive one. To everyone who uses this wallet, better if you move your funds elsewhere because you don't know what's going to happen next.

Ahh I know what would happen next. They will most probably pause any withdrawals from the system citing that there might be possible leakage of funds and they are repairing the system. This might go on for hours or days or maybe weeks after which they will say sorry we couldn't recover the funds.
full member
Activity: 1134
Merit: 105
Customer funds are safe, the representatives of the platform said.

But customer data aren't safe, which means their user soon will experience social engineering attack, extortion or death threat.

That's a shame. At one end we are forced to do KYC at all exchanges where we want to trade to avoid money laundering and other stuff but on the other hand there is no check and balance on the exchanges on how they store our personal data. Unfortunately i also had an KYC account there, although i had no funds in that exchange at the moment.
legendary
Activity: 2618
Merit: 1505
Customer funds are safe, the representatives of the platform said.

But customer data aren't safe, which means their user soon will experience social engineering attack, extortion or death threat.

Yes, you are right, Hotbit reduces everything to the means of users and looks at the problem only from one side and the security of people does not bother them, referring to the fact that when you transfer your personal data, you agree to the transfer of information to third parties. Sad

In the telegram channel https://t.me/Hotbit_announcements a little explanation on Hotbit wallets how to transfer money along the chain, we are creating a new cold wallet. Here is the address of our wallet, users can check it carefully, all funds are safe  https://t.me/Hotbit_announcements/5415
Hot Wallet 1: 0x274f3c32c90517975e29dfc209a23f315c1e5fc7 eth  
Hot Wallet 2 0x3e45321621e4e93f2db46239f6567b1383593f6b heco
Hot wallet 3 0x39aa02d6b499a76a70fab5f164e8be587c366141 bsc   
Cold Wallet 1 0x2478332FE393BA40dDC9cAf8353a333fA64FDD3f   
Cold Wallet 2 0x2AcDb44596E2b6FFBBF62614C9aaD9CD04980248 
Cold Wallet 3 0x4e29B63A980C6e76F9f56EF123DA896f9F16ACe8   
Cold Wallet 4 0x8533a0bd9310eb63e7cc8e1116c18a3d67b1976a

Daily report on the progress of work on solving technical issues and restoring the exchange's functionality https://t.me/Hotbit_announcements/5416

Code:
May 1st, 2021
Complete the plan of the new architecture, with approximately 200 servers in the process of reinstallation of system environment.

April 30th, 2021
Reformulate the deployment process of environment system and establishment plan of secure environment, transfer assets from hot wallets to cold wallets.
legendary
Activity: 1316
Merit: 1481
And so begins another exit scam......
I agree, it is not the first time, it is not going to be the last!
This is the most dangerous thing about sending our data to these exchanges because when a breach like that happens only god knows where these data is going to finish and who is going to use it to scam us even further. I am glad I do not use that service.
member
Activity: 1120
Merit: 68
This isn't something easily brush off by saying that the customer funds are safe because we will never know if the leak was an extensive one. To everyone who uses this wallet, better if you move your funds elsewhere because you don't know what's going to happen next.
Pages:
Jump to: