From 3304c6b518c0a8266c5700c40eac564646ff731d Mon Sep 17 00:00:00 2001 From: Omur <83595409+JediFaust@users.noreply.github.com> Date: Thu, 17 Aug 2023 20:33:53 +0600 Subject: [PATCH] eterbase initial (#217) --- content/attacks/posts/2020-09-07-Eterbase.md | 64 ++++++++++++++++++++ 1 file changed, 64 insertions(+) create mode 100644 content/attacks/posts/2020-09-07-Eterbase.md diff --git a/content/attacks/posts/2020-09-07-Eterbase.md b/content/attacks/posts/2020-09-07-Eterbase.md new file mode 100644 index 000000000..946035f2c --- /dev/null +++ b/content/attacks/posts/2020-09-07-Eterbase.md @@ -0,0 +1,64 @@ +--- +date: 2020-09-07 +target-entities: Eterbase +entity-types: + - Exchange + - Custodian +attack-types: + - Wallet Hack + - Web Infrastructure Attack +title: "Eterbase Exchange Security Breach with a Loss of $5,400,000" +--- + +## Summary + +Eterbase, a European cryptocurrency exchange, based in Slovakia, [suffered a significant security breach](https://blog.merklescience.com/hacktrack/hack-track-eterbase-cryptocurrency-exchange) on September 7, 2020. Multiple hot wallets were compromised, including in Bitcoin, Ethereum, Tron, Tezos, Algorand and Ripple chains, leading to the theft of approximately $5,400,000 in various cryptocurrencies. The stolen funds were moved to different addresses and subsequently withdrawn to centralized exchanges like Binance, Huobi, and HitBTC. + +## Attackers + +The identity of the attackers remains unknown. The stolen funds were moved to the following addresses: + +- **Ethereum** + - [0x7860F7b2874e77E80bE0fC6EbfB9414f89781aD9](https://etherscan.io/address/0x7860F7b2874e77E80bE0fC6EbfB9414f89781aD9) +- **Tron** + - [TPdhhbCHqXzrDyUiQnHApS7VL2UxB8Qhna](https://tronscan.org/#/address/TPdhhbCHqXzrDyUiQnHApS7VL2UxB8Qhna) +- **Tezos** + - [tz1hnoxVgc8Z1DUa6D18EUkPCXmNbaHwmLRc](https://tzstats.com/tz1hnoxVgc8Z1DUa6D18EUkPCXmNbaHwmLRc) +- **Bitcoin** + - [1ANLZZ2YFGumRXaD3EMii92zWQgvX2CK9c](https://www.blockchain.com/explorer/addresses/btc/1ANLZZ2YFGumRXaD3EMii92zWQgvX2CK9c) +- **Algorand** + - [PDVFO5SDJMOJ6MC7KAD27DDGQ5YQD4IUTDJR2QRCPENT5A5T6CGT2VAAEI](https://algoexplorer.io/address/PDVFO5SDJMOJ6MC7KAD27DDGQ5YQD4IUTDJR2QRCPENT5A5T6CGT2VAAEI) +- **Ripple** + - [rNwgkFj6QadEXUyS1jgTD2XEsi8HanKzDX](https://xrpscan.com/account/rNwgkFj6QadEXUyS1jgTD2XEsi8HanKzDX) + +## Losses + +The total loss was approximately $5,400,000. Detailed losses across all chains: + +- **Bitcoin** + - 11.05 BTC +- **Tron** + - 1,420,709 TRX +- **Tezos** + - 185,457 XTZ +- **Algorand** + - 1,120,783 ALGO +- **Ripple** + - 859,226 XRP +- **Ethereum** + - 387 ETH and multiple tokens with various amounts + +## Timeline + +- **September 7, 2020, 10:44 PM UTC:** [First malicious transaction was executed](https://tzstats.com/oomFmD1oNNmwWsgebeZueiPZGuK5cCG4Dveor8wtZ8C5WLrUetw/73312501903) on Tezos chain +- **September 8, 2020, 05:44 AM UTC:** Hackers [withdrew funds on the Algorand network](https://algoexplorer.io/tx/ZYQAKDJVOXES2Q3IKVBVGGI37QUT4KKBIL2344I6CJEZZ35FJ2EA), completing the transfer of funds under their control. +- **September 8, 2020, 07:07 AM UTC:** Eterbase [announced on their Telegram channel](https://t.me/eterbasenews/639) that their six hot wallets were compromised and disclosed attacker's wallets. +- **September 8, 2020, 07:11 AM UTC:** The exchange [halted their services and turned to maintenance mode](https://twitter.com/ETERBASE/status/1303229581814640640). +- **January 13, 2021, 01:38 PM UTC:** Eterbase [resumed platform operations](https://twitter.com/ETERBASE/status/1349350137458470913) after four months from the incident. +- **February 19, 2021, 02:43 PM UTC:** [Robert Auxt](https://www.linkedin.com/in/robert-auxt-1b24799/), Founder of Eterbase, [confirmed that the case would be forwarded to Europol and the company is monitoring over 12 million EUR worth of assets](https://twitter.com/AuxtRobert/status/1362774706210951177) that have ended up on the Binance, Huobi, and HitBTC exchanges. +- **April 8, 2021, 04:09 PM UTC:** Following the loss of several important partners and financial providers, Eterbase [announced a temporary halt to all operations](https://twitter.com/ETERBASE/status/1380191015915679750) starting April 19, 2021, urging users to withdraw all funds. + +## Security Failure Causes + +**Private Key Compromise:** Eterbase's hot wallets were compromised, leading to the theft. The specific details of how the wallets were compromised have not been disclosed. +**Web Infrastructure Attack:** The simultaneous hack of multiple wallets points to a more extensive web infrastructure attack, possibly targeting vulnerabilities in the platform's security system to gain unauthorized access to the private keys.