Hotbit cryptocurrency exchange down after hackers targeted wallets

Image: Tim Mossholder

Cryptocurrency trading platform Hotbit has shut down all services for at least a week after a cyberattack that down several of its services on Thursday evening.

Hotbit assured its roughly 2 million registered users from over 210 countries (500,000 of them using the platform's Android app) that their cryptocurrency assets were "safe and secure."

"Hotbit just suffered a serious cyber attack starting around 08:00 PM UTC, April 29,2021, which led to the paralyzation of a number of some basic services," the exchange said.

"Meanwhile, the attackers also tried to hack into Hotbit’s wallets (However, the attempt was identified and stopped by our risk control system)."

While the threat actors could not gain access to any cryptocurrency assets, they did delete Hotbit's database.

The exchange is also looking into any signs of information tampering that could have polluted any of its regularly backed up data before restoring servers and services.

Customers were told that the investigation and recovery process could take between 7 and 14 days due to the time needed to analyze backup data before starting the system restoration process.

Hotbit added that the attackers gained access to plain text customer information (phone number, email address, and asset data) stored within its database.

Customers were advised to watch out for phishing attempts impersonating Hotbit and recommended reaching out to confirm the validity of any suspicious message.

Even though customers' passwords and 2FA keys were stored in encrypted form, the exchange warned users to change passwords on other online services where they use the same credentials.

The exchange shared additional information regarding affected orders and products:

• Leveraged ETF products are not suitable for long-term holding and therefore Hotbit will be fully responsible for all losses suffered by the position-holder during the maintenance period.
• Your Open Orders on Hotbit will be canceled when the system is restored to avoid unintended trading losses.
• All daily routine income distributions (such as investment products, current products and FIL cloud computing power ) will be paid out after the maintenance is completed .

While Hotbit users have already spotted suspicious transfers from the exchange's wallets after the attack, Hotbit said that these are legitimate transfers of funds to a new cold wallet.

Internet-connected hot wallets are used by exchanges to temporarily store assets for ongoing transfers and transactions, unlike cold wallets (aka offline or hardware wallets), which have no Internet connection.