Author

Topic: Hotbit crypto exchange has been hacked (Read 264 times)

hero member
Activity: 2520
Merit: 952
May 05, 2021, 09:31:57 PM
#23

I know that this is not in the top 10 as far as exchanges goes, but they said they have 2 millions users affected by this attack. Their hot wallet is safe according to them but the hackers manage to delete their databases.
It is a popular destination for mid and low cap DeFi  tokens or NFT so the number is not surprising.

Often they list the tokens by themselves, without any project's interference, also it's infamous for wash trading. I would rather pay more fees on uniswap than using this exchange.
hero member
Activity: 2660
Merit: 651
Want top-notch marketing for your project, Hire me
We still can tell when they will successfully finish the whole process but I believe it will only take them 14 maximum days to execute it. Besides, they make a tweet today that says, "Finished the recovery of historical backup data, starting to conduct the reconstruction and recovery process of all data generated between backup point and the time point that the hacking attack occurred."
legendary
Activity: 3136
Merit: 3213
I readed somewhere that they have over a 100 servers and normaly if they got a backup from the Userdata and stuff it should be no problem to recover it.
But it will be a huge step to verify the existing Accounts there , looks like hacking exchanges is more and more in the coming .
Guess it will be take them longer as only 2 weeks for all , but good luck to all that got affected with it.
hero member
Activity: 2128
Merit: 532
FREE passive income eBook @ tinyurl.com/PIA10
Found this from a CoinTelegraph article:

"According to the Hotbit announcement, the maintenance will last for at least seven days with reports that the investigation and system upgrade could take as long as two weeks."

Oh boy... 2 weeks is definitely not gonna sit well with the masses.
hero member
Activity: 3150
Merit: 636
DGbet.fun - Crypto Sportsbook
Yes, they can sell that afterward in different underground marketplaces.
Exchange hacks are always bad. If significant funds are stolen, exchanges will face with harmful losses and they will end up with two endings.
  • Compensation: Pay hacked-funds for customers, at once or gradually prospective.
    • They often refund for customers prospectively with trading fees in the same time they earn from customers on their exchanges.
    • They don't lose anything, simply sacrifice earnings in a few months whilst spend funds from their pockets to pay for staffs, operational, maintenance, security and other costs.
  • They end with exchange shutdown or scam exit. If the hacked exchange is a new or small one, it will be most common ending.
It's a different case with hotbit as per reports that we've seen, it's about their database that has been taken by the hackers which are also vital. I think it will cost them more if those are the information by them and as well as their customers.

Quote
If it's containing a huge database with verified customers of hotbit, then that's a big issue which shall give some trust issues against hotbit. And a simple reminder and not giving an egoed statement that everything is fine although it's not.
Database and personal identity documents can be sold and compromised in dark market. I often try to not submit my documents for KYC as much as I can.

If I want to buy a coin, I will look at Market/ Exchange list, and choose the best exchange without KYC from the list. When I finish my accumulation, I withdraw all coins to my computer wallet. Just in case, hack occurs, data breach occurs, etc.
I also choose not to pass KYC but if I've got no option but I trust the exchange, that's no problem to me but in this case, I wouldn't probably do it on hotbit and the same exchanges.
copper member
Activity: 2156
Merit: 983
Part of AOBT - English Translator to Indonesia
crypto exchange hacked always be bad news for cryptoindustry especially bitcoin hotbit is also good i withdraw on there 300$+ smooth transcation but yeah the website kinda laggy

year ago there's exchange from china QBTC and ended scam

i just recently saw the tweet https://twitter.com/Hotbit_news/status/1389785746429517826

"May 5th, 2021
02:30 AM UTC  Finished the recovery of historical backup data, starting to conduct the reconstruction and recovery process of all data generated between backup point and the time point that the hacking attack occurred."
full member
Activity: 1008
Merit: 139
★Bitvest.io★ Play Plinko or Invest!
Database and personal identity documents can be sold and compromised in dark market. I often try to not submit my documents for KYC as much as I can.

If I want to buy a coin, I will look at Market/ Exchange list, and choose the best exchange without KYC from the list. When I finish my accumulation, I withdraw all coins to my computer wallet. Just in case, hack occurs, data breach occurs, etc.

I, like you, avoid sharing personal information unless absolutely necessary. You can never be certain where your data will end up. There's a feeling the Internet knows a lot more about me than I'd like to admit.

Using Ledger as an example, we can see how easy it is to hack all of these so called "secure" databases and steal users' personal information, and Ledger was and continues to be a very serious business.
legendary
Activity: 2310
Merit: 4085
Farewell o_e_l_e_o
Yes, they can sell that afterward in different underground marketplaces.
Exchange hacks are always bad. If significant funds are stolen, exchanges will face with harmful losses and they will end up with two endings.
  • Compensation: Pay hacked-funds for customers, at once or gradually prospective.
    • They often refund for customers prospectively with trading fees in the same time they earn from customers on their exchanges.
    • They don't lose anything, simply sacrifice earnings in a few months whilst spend funds from their pockets to pay for staffs, operational, maintenance, security and other costs.
  • They end with exchange shutdown or scam exit. If the hacked exchange is a new or small one, it will be most common ending.

Quote
If it's containing a huge database with verified customers of hotbit, then that's a big issue which shall give some trust issues against hotbit. And a simple reminder and not giving an egoed statement that everything is fine although it's not.
Database and personal identity documents can be sold and compromised in dark market. I often try to not submit my documents for KYC as much as I can.

If I want to buy a coin, I will look at Market/ Exchange list, and choose the best exchange without KYC from the list. When I finish my accumulation, I withdraw all coins to my computer wallet. Just in case, hack occurs, data breach occurs, etc.
hero member
Activity: 3150
Merit: 636
DGbet.fun - Crypto Sportsbook
The hacker won't just delete a database, they can take it before deleting it so they should remind their users that if some unknown and suspicious email comes to them, ignore it.
Exactly, I don't think that the hackers will simply delete the database, perhaps they got a copy of it first and then deleted it later. Why they want to get a copy? simply because this criminals can sell this underground, KYC's and all of the stuff and they can used all those accounts to send email with crypto phishing. Win win for them. So stay tune, we might here in the next two weeks of crypto users getting lots of phishing email from this breach.
Yes, they can sell that afterward in different underground marketplaces.

If it's containing a huge database with verified customers of hotbit, then that's a big issue which shall give some trust issues against hotbit. And a simple reminder and not giving an egoed statement that everything is fine although it's not.
legendary
Activity: 2912
Merit: 6403
Blackjack.fun
Hotbit is famous for faking volumes on there exchange so I doubt that they had indeed 2M user registered on there exchange.

Registered users!That doesn't mean users with a balance and users that actively trade there.
And even if we would consider those even a  guy trading 5 satoshi worth of shitcoins once a year would still be a user.

Hotbit is a destination for last resort dumping of coins that aren't traded anywhere else and usually, the ones doing that instantly convert to a more serious coin and withdraw it immediately, so the number of actual coins held in cold storage by them could be disproportionately lower than other exchange who claim the same volumes.

Simply because this criminals can sell this underground, KYC's and all of the stuff and they can used all those accounts to send email with crypto phishing. Win win for them. So stay tune, we might here in the next two weeks of crypto users getting lots of phishing email from this breach.

Email phishing would be the last concern of users that have gone through all those checks.
If they had the level of access to allow them to delete a database it's highly probably they've got control over all the servers and not just lines in the DB actually KYC submitted files. Those exchanges are usually so lazy or spend so little in securing those not even mentioning using a 3rd party as they can't afford one so it shouldn't surprise anyone if their documents are now used to open accounts on god knows what website right now.
And don't forget, they have your balance and your real-life address, for someone in the US and Europe might bot be a problem but in other countries  with no laws and insane crime rate that might be something really concerning


member
Activity: 672
Merit: 29
Hackers are the main reasons why I don't keep my assets on the exchange. I prefer withdrawing my assets from exchange to my wallet to avoid stories like this.
Cryptosphere generally is not safe again because of the hackers and scammers hovering around the space.
Nobody knows what are their plans now towards Hotbit or which other exchange will they attack
legendary
Activity: 2688
Merit: 1192
Not sure if this has been reported in our community, but according to Hotbit's official twitter account

I know that this is not in the top 10 as far as exchanges goes, but they said they have 2 millions users affected by this attack. Their hot wallet is safe according to them but the hackers manage to delete their databases.

So if you have an account on this exchange, better follow their official twitter account.

Another lessons, "not your keys, not your coins" adage.

Ouch, sounds like they're going to be targeted for some sort of extortion attack. Hopefully they have recent backups that are stored safely away and have not been corrupted by the attackers. The attackers probably want to sell the databases back to them because they will be critical to identifying the balance that is attributed to each user account. I would definitely not feel comfortable storing any large amounts of Bitcoin at a single exchange, they are just far too vulnerable and it only takes one tiny crack to cause billions in damage. If you have a large amount of Bitcoin and don't want to store it in your own wallets, at least spread them out between the top 2-3 exchanges for more peace of mind. As we see companies like Coinbase and soon Binance attain stock market listings, these sort of attacks could create far greater ripple effects in future - enough to cause far greater regulation.
legendary
Activity: 2310
Merit: 4085
Farewell o_e_l_e_o
So far so good and I, of course, wish that Hotbit will be back to their normal operations with fully functions and funds of customers all are in safe.

Fortunately for people who store their crypto in Hotbit accounts but please take this accident to learn something.
hero member
Activity: 1344
Merit: 540
The hacker won't just delete a database, they can take it before deleting it so they should remind their users that if some unknown and suspicious email comes to them, ignore it.
Exactly, I don't think that the hackers will simply delete the database, perhaps they got a copy of it first and then deleted it later. Why they want to get a copy? simply because this criminals can sell this underground, KYC's and all of the stuff and they can used all those accounts to send email with crypto phishing. Win win for them. So stay tune, we might here in the next two weeks of crypto users getting lots of phishing email from this breach.
hero member
Activity: 3150
Merit: 636
DGbet.fun - Crypto Sportsbook
Never used hotbit but if they have that much affected users and the funds are safe, they should remind all of their users that they have to change password.

The hacker won't just delete a database, they can take it before deleting it so they should remind their users that if some unknown and suspicious email comes to them, ignore it.
hero member
Activity: 1666
Merit: 709
Playbet.io - Crypto Casino and Sportsbook
I see many Newbies not understandings that they should not depend on exchanges to house the coin, I think the amount of Newbies saving their coins on exchange like Binance are more than the Newbies saving their coins in a private wallet of theirs

Exchanges are a public company and every time are in the Target range of hackers/fraudster, this attack's might be defended by the exchange, still now and then they get defeated, and also exchange negligence.
hero member
Activity: 2856
Merit: 644
https://duelbits.com/

I know that this is not in the top 10 as far as exchanges goes, but they said they have 2 millions users affected by this attack. Their hot wallet is safe according to them but the hackers manage to delete their databases.
It is a popular destination for mid and low cap DeFi  tokens or NFT so the number is not surprising. The attackers are most likely waiting for Hotbit to resume operation again and try to exploit possible holes from rebuilding their database.
hero member
Activity: 2954
Merit: 796
Hotbit is famous for faking volumes on there exchange so I doubt that they had indeed 2M user registered on there exchange. I use that exchange for some coin that still not listed on Big exchange but besides that, I will not put my money on that exchange since there security is not that strong and I wonder if they have some insurance incase user funds hack.
hero member
Activity: 2926
Merit: 567


I know that this is not in the top 10 as far as exchanges goes, but they said they have 2 millions users affected by this attack. Their hot wallet is safe according to them but the hackers manage to delete their databases.

So if you have an account on this exchange, better follow their official twitter account.

Another lessons, "not your keys, not your coins" adage.

They should have a copy of their database this is an exchange or their web host can provide a copy, they can restore it and hopefully, things will be ok since all funds are safe, with 2 million users and they are just starting to build their reputation they should make the restoration as fast as possible and should update their users in a daily basis.
hero member
Activity: 2856
Merit: 644
https://duelbits.com/
Hotbit said that the user's assets are still safe, it's just that the database is lost so I think it will take some time to restore it, but what about those people who are worried about their assets so much there, there must be a guarantee that they will be able to restore it.
I'm still lucky because before the hack happened I made a $700 withdrawal before and I secured this in my cold wallet to stay away from things like this so I think this hack was triggered because of the weak security of the Hotbit.
sr. member
Activity: 1554
Merit: 413

I know that this is not in the top 10 as far as exchanges goes, but they said they have 2 millions users affected by this attack. Their hot wallet is safe according to them but the hackers manage to delete their databases.
It is a popular destination for mid and low cap DeFi  tokens or NFT so the number is not surprising. The attackers are most likely waiting for Hotbit to resume operation again and try to exploit possible holes from rebuilding their database.
legendary
Activity: 1624
Merit: 1200
Gamble responsibly
https://bitcointalksearch.org/topic/m.56904573

That is one of the recent report about Hotbit crypto exchange hack that happened recently, but I just did not only focused it on the exchange because it can happen to any other exchange, even binance has been hacked before in the past.

It is good to just not leave coins on exchanges if we are not trading, many users information were exposed which is very annoying but it has now been usual occurrences these days but most people are very ignorant of how data breach can be very dangerous. It is better to be protect ourselves from the world by using noncustodial wallets which will not require our information.
hero member
Activity: 2660
Merit: 551
Not sure if this has been reported in our community, but according to Hotbit's official twitter account:



https://twitter.com/Hotbit_news/status/1388115394271932417

Quote
Currently our work consists of the following two sections:

    Considering the fact that Hotbit is about to exceed 2 million registered users and has a huge service system architecture of more than 200 servers online, in order to ensure  security, Hotbit team will completely rebuild all servers;

    The attacker maliciously deleted the user database after failing to obtain assets. Although the database is routinely backed up , we are still uncertain whether the attacker has poluted data or not before the attack. . Therefore, we also need to conduct a comprehensive inspection of the overall data. Once any anomaly is detected, we will perform an accurate reconstruction to ensure that all user data is accurate.

Therefore, these two sections of work will consume a lot of time. We initially expect that the recovery period will last about 7-14 days. The estimated time of recovery will be more as all things going on, and we will update our latest progress in Hotbit communities as well.

https://hotbit.zendesk.com/hc/en-us/articles/1500008915521-

I know that this is not in the top 10 as far as exchanges goes, but they said they have 2 millions users affected by this attack. Their hot wallet is safe according to them but the hackers manage to delete their databases.

So if you have an account on this exchange, better follow their official twitter account.

Another lessons, "not your keys, not your coins" adage.
Jump to: