A cyberattack shut down a cryptocurrency trading platform Hotbit for at least a week.
“Hotbit just suffered a serious cyber attack starting around 08:00 PM UTC, April 29, 2021, which led to the paralyzation of a number of some basic services,” the exchange said.
Attackers took down several of the platform services affecting its normal operation and roughly 2 million registered users from over 210 countries (500,000 of them on its Android app).
Hotbit assured customers that their cryptocurrency assets were “safe and secure.” However, the attackers have tried to break into the user wallets:
“Meanwhile, the attackers also tried to hack into Hotbit’s wallets (However, the attempt was identified and stopped by our risk control system).”
Threat actors did not steal any cryptocurrency assets, but managed to cause more trouble anyway: they deleted Hotbit’s database.
As a result, Hotbit believed the attackers got access to plain text customer information like phone number, email address, and asset data stored within its database.
Operators of the exchange are also looking for signs of information tampering that could have damaged its backed-up data. If they deem it safe, the company will proceed to restore its servers and services.
According to Hotbit, the investigation and recovery could take between 7 and 14 days since they will have to analyze backup data before starting the system restoration.
The company advises its customers to watch out for phishing attempts faking legitimate Hotbit communication. The platform also recommended that users change passwords on other online services where they use the same credentials, even though all passwords and 2FA keys were stored encrypted on the platform.
Some Hotbit users spotted suspicious transfers from the exchange’s wallets after the attack, but Hotbit said that these were legitimate transfers of funds necessary for creating new cold wallets.