The platform announced the breach in tweets, saying that the event was identified at around 1 a.m. local time Thursday. Users funds are insured and anyone who lost cryptocurrency would be refunded, according to the company.
The exchange said:
“First of all, please let us assure you that this situation is under control, 100% of lost funds will be returned to users, and we are reviewing our security measures and policies to ensure this does not happen again.”
Bitrue further detailed that 9.3 million XRP, worth $4.01 million, and 2.5 million cardano (ADA), worth $231,800, had been accessed and transferred off its platform.
As for how the breach occurred, the exchange explained:
“A hacker exploited a vulnerability in our Risk Control team’s 2nd review process to access the personal funds of about 90 Bitrue users. The hacker used what they learned from this breach to then access the Bitrue hot wallet and move 9.3 million XRP and 2.5 million ADA to different exchanges.”
Bitrue is working with the Huobi, Bittrex and ChangeNOW exchanges and says they have frozen funds and accounts associated with the hack.
In another tweet, Bitrue said it is conducting an emergency inspection of its systems and aims to be up and running normally again “as soon as possible.”
Early this year, Bitrue said it was also affected by a 51-percent attack on the ethereum classic cryptocurrency in which a hacker had tried to withdraw 13,000 ETC but claimed the attempted theft had been stopped by its system.
ADA is currently trading down nearly 6 percent at $0.092, while XRP is down nearly 9 percent at $0.43, according to CoinMarketCap data. It’s worth noting that the wider crypto market is generally in the red at press time.