Skip to content
Est. MMXXVIVol. VI · № 273RSS
Blockchain Breaches

An archive of cryptocurrency security incidents — hacks, exploits, bridge failures and rug pulls, documented with on-chain evidence.

Dossier № 133Private Key Compromise

Bitrue Hot Wallet Exploit

A single signing-key compromise swept $23M in ETH, QNT, GALA, SHIB, HOT and MATIC from Bitrue's hot wallet, under 5% of exchange balances, before any pause.

Date
Victim
Bitrue
Chain(s)
Ethereum
Status
Funds Stolen

On April 14, 2023, the cryptocurrency exchange Bitrue disclosed a hot-wallet compromise that drained approximately $23 million in a coordinated multi-token sweep. The wallet held less than 5% of Bitrue's total customer assets — but the speed of the drain meant the loss happened before any withdrawal pause could take effect.

What happened

The attacker obtained private-key signing authority over the affected hot wallet — exact vector never publicly disclosed — and used it to drain a deliberately diverse basket of long-tail ERC-20 tokens in addition to the standard reserve assets. Security firm PeckShield's on-chain analysis identified the major outflows as:

  • 173,000 QNT (Quant Network) — ~$2.5M
  • 22.55 billion SHIB (Shiba Inu) — ~$300K
  • 46.4 million GALA — ~$2.5M
  • 310,000 MATIC — ~$300K
  • The remainder in ETH, HOT and other tokens.

The attacker rapidly swapped the long-tail tokens into ETH (~8,540 ETH total) on DEX aggregators, specifically to escape exchange-coordinated freezes that would have been straightforward to coordinate on the smaller-cap tokens but were less viable on ETH itself.

Aftermath

  • Bitrue paused all withdrawals and restored services on April 18 after rotating hot-wallet keys.
  • The exchange announced full compensation for affected users from corporate reserves.
  • The stolen funds were laundered through Tornado Cash; no public recoveries.

Why it matters

Bitrue is one of the mid-tier 2023 exchange compromises that reinforced the pattern that ultimately culminated at much larger scale at Phemex, BingX, and DMM Bitcoin: hot wallets holding only a small percentage of total reserves can still be drained for $20-100M+ because the percentage is by design — that's how much liquidity the exchange needs to keep on hand to service withdrawals. The defensive answer is per-chain key segregation with strict per-wallet velocity limits, but in practice the limits are often calibrated against legitimate withdrawal patterns rather than against worst-case-attacker outflows.

Sources & on-chain evidence

  1. [01]crypto.newshttps://crypto.news/bitrue-crypto-exchange-suffers-23m-hot-wallet-exploit/
  2. [02]coindesk.comhttps://www.coindesk.com/business/2023/04/14/crypto-exchange-bitrue-drained-of-23m-in-hack-of-ether-shiba-inu-other-tokens
  3. [03]cyvers.aihttps://cyvers.ai/blog/bitrue-exchange-alerted-by-cyvers-suffers-23-million-crypto-hack-hot-wallet-compromised

Related filings