-
Notifications
You must be signed in to change notification settings - Fork 69
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
1 changed file
with
64 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,64 @@ | ||
| --- | ||
| date: 2020-09-07 | ||
| target-entities: Eterbase | ||
| entity-types: | ||
| - Exchange | ||
| - Custodian | ||
| attack-types: | ||
| - Wallet Hack | ||
| - Web Infrastructure Attack | ||
| title: "Eterbase Exchange Security Breach with a Loss of $5,400,000" | ||
| --- | ||
|
|
||
| ## Summary | ||
|
|
||
| Eterbase, a European cryptocurrency exchange, based in Slovakia, [suffered a significant security breach](https://blog.merklescience.com/hacktrack/hack-track-eterbase-cryptocurrency-exchange) on September 7, 2020. Multiple hot wallets were compromised, including in Bitcoin, Ethereum, Tron, Tezos, Algorand and Ripple chains, leading to the theft of approximately $5,400,000 in various cryptocurrencies. The stolen funds were moved to different addresses and subsequently withdrawn to centralized exchanges like Binance, Huobi, and HitBTC. | ||
|
|
||
| ## Attackers | ||
|
|
||
| The identity of the attackers remains unknown. The stolen funds were moved to the following addresses: | ||
|
|
||
| - **Ethereum** | ||
| - [0x7860F7b2874e77E80bE0fC6EbfB9414f89781aD9](https://etherscan.io/address/0x7860F7b2874e77E80bE0fC6EbfB9414f89781aD9) | ||
| - **Tron** | ||
| - [TPdhhbCHqXzrDyUiQnHApS7VL2UxB8Qhna](https://tronscan.org/#/address/TPdhhbCHqXzrDyUiQnHApS7VL2UxB8Qhna) | ||
| - **Tezos** | ||
| - [tz1hnoxVgc8Z1DUa6D18EUkPCXmNbaHwmLRc](https://tzstats.com/tz1hnoxVgc8Z1DUa6D18EUkPCXmNbaHwmLRc) | ||
| - **Bitcoin** | ||
| - [1ANLZZ2YFGumRXaD3EMii92zWQgvX2CK9c](https://www.blockchain.com/explorer/addresses/btc/1ANLZZ2YFGumRXaD3EMii92zWQgvX2CK9c) | ||
| - **Algorand** | ||
| - [PDVFO5SDJMOJ6MC7KAD27DDGQ5YQD4IUTDJR2QRCPENT5A5T6CGT2VAAEI](https://algoexplorer.io/address/PDVFO5SDJMOJ6MC7KAD27DDGQ5YQD4IUTDJR2QRCPENT5A5T6CGT2VAAEI) | ||
| - **Ripple** | ||
| - [rNwgkFj6QadEXUyS1jgTD2XEsi8HanKzDX](https://xrpscan.com/account/rNwgkFj6QadEXUyS1jgTD2XEsi8HanKzDX) | ||
|
|
||
| ## Losses | ||
|
|
||
| The total loss was approximately $5,400,000. Detailed losses across all chains: | ||
|
|
||
| - **Bitcoin** | ||
| - 11.05 BTC | ||
| - **Tron** | ||
| - 1,420,709 TRX | ||
| - **Tezos** | ||
| - 185,457 XTZ | ||
| - **Algorand** | ||
| - 1,120,783 ALGO | ||
| - **Ripple** | ||
| - 859,226 XRP | ||
| - **Ethereum** | ||
| - 387 ETH and multiple tokens with various amounts | ||
|
|
||
| ## Timeline | ||
|
|
||
| - **September 7, 2020, 10:44 PM UTC:** [First malicious transaction was executed](https://tzstats.com/oomFmD1oNNmwWsgebeZueiPZGuK5cCG4Dveor8wtZ8C5WLrUetw/73312501903) on Tezos chain | ||
| - **September 8, 2020, 05:44 AM UTC:** Hackers [withdrew funds on the Algorand network](https://algoexplorer.io/tx/ZYQAKDJVOXES2Q3IKVBVGGI37QUT4KKBIL2344I6CJEZZ35FJ2EA), completing the transfer of funds under their control. | ||
| - **September 8, 2020, 07:07 AM UTC:** Eterbase [announced on their Telegram channel](https://t.me/eterbasenews/639) that their six hot wallets were compromised and disclosed attacker's wallets. | ||
| - **September 8, 2020, 07:11 AM UTC:** The exchange [halted their services and turned to maintenance mode](https://twitter.com/ETERBASE/status/1303229581814640640). | ||
| - **January 13, 2021, 01:38 PM UTC:** Eterbase [resumed platform operations](https://twitter.com/ETERBASE/status/1349350137458470913) after four months from the incident. | ||
| - **February 19, 2021, 02:43 PM UTC:** [Robert Auxt](https://www.linkedin.com/in/robert-auxt-1b24799/), Founder of Eterbase, [confirmed that the case would be forwarded to Europol and the company is monitoring over 12 million EUR worth of assets](https://twitter.com/AuxtRobert/status/1362774706210951177) that have ended up on the Binance, Huobi, and HitBTC exchanges. | ||
| - **April 8, 2021, 04:09 PM UTC:** Following the loss of several important partners and financial providers, Eterbase [announced a temporary halt to all operations](https://twitter.com/ETERBASE/status/1380191015915679750) starting April 19, 2021, urging users to withdraw all funds. | ||
|
|
||
| ## Security Failure Causes | ||
|
|
||
| **Private Key Compromise:** Eterbase's hot wallets were compromised, leading to the theft. The specific details of how the wallets were compromised have not been disclosed. | ||
| **Web Infrastructure Attack:** The simultaneous hack of multiple wallets points to a more extensive web infrastructure attack, possibly targeting vulnerabilities in the platform's security system to gain unauthorized access to the private keys. |