[Attention] Hotbit shutdown all service for 7 days because of cyber attack

[Imran232]

Actually i was little bit confused where this should be thats why i posted it on Meta. Because lots of people visit meta and users must know this news. Thats why i share here.

 

Hotbit just suffered a serious cyber attack starting around 08:00 PM UTC, April 29,2021, which led to the paralyzation of a number of some basic services. Meanwhile, the attackers also tried to hack into Hotbit’s wallets (However, the attempt was identified and stopped by our risk control system).
In this case, Hotbit team has shut down all services for inspection and restoration immediately, and the overall recovery period is expected to be no less than 7 days.

Full article:
https://hotbit.zendesk.com/hc/en-us/articles/1500008915521

[JohnBitCo]

Actually i was little bit confused where this should be thats why i posted it on Meta. Because lots of people visit meta and users must know this news. Thats why i share here.

If one section is visited more than the other, it does not mean that you post there just to grab more attention.

This post should belong to Service Discussion section. Meta section is mainly to discuss about the things which are relevant to the bitcointalk forum.

[The Sceptical Chymist]

If you have an account on Hotbit, the following are things you should be aware of

    The attacker has already gained access to the database, so your registration phone number, email address and asset data might have leaking risk. However, the password and 2FA key are encrypted so theoriotically should be safe. But from the security point of view, if your account and password on another website or app are the same as Hotbit's, it is safer to change the password now;

Ugh.  Here's a great reason why crypto exchanges should have a solid reputation and security before anyone even thinks of handing over their KYC docs.  There are lots of smaller exchanges which are now asking their customers to go through some kind of verification, and I just don't trust any of them with my data--which is why I've never created accounts with a lot of exchanges that I'd like to be able to use.

Hopefully this situation is precisely as it's being described by Hotbit and that there's not something more sinister going on behind the scenes--I'm not implying that there is, but you just never know.  Crazy things happen when crypto prices start shooting up, and that's when otherwise reputable exchanges go rogue.

[BitcoinGirl.Club]

Ugh.  Here's a great reason why crypto exchanges should have a solid reputation and security before anyone even thinks of handing over their KYC docs.  

And how do you measure it, I mean what is your scale.

Does ledger not have a solid reputation and perhaps security before they get hacked?
How about those exchanges like Coinbase, Binance, and all those big exchanges got hacked even hackers shared KYC data. Didn't they have a solid reputation?

I think when you are handing out your KYC information to a close friend you are trusting them in good faith. But if they misuse it then you are screwed. At some point we all need to trust something or someone.

Thats why i share here.

For a few moments I thought you are someone from hotbit. Is this a big exchange like Binance and others? I hope it's not.

[SFR10]

@Imran232
Thanks for the warning and looks like the scammer in question got really frustrated at his/her own failed attempts

2. The attacker maliciously deleted the user database after failing to obtain assets.

Is this a big exchange like Binance and others? I hope it's not.

I'm not sure how many users those popular exchanges have but in the above link, they claimed to have around "2 million registered users", so I'd consider it a significant amount.
Not sure why they chose to expose their new hot & cold wallets on Twitter...

[dkbit98]

I am not surprised to see one more exchange got hacked or possibly going to exitscam on their customers, and same thing could happen again to Binance and all other exchanges.
It needs to be repeated all the time, exchanges are meant only for trading and not for holding coins, and not your keys means not your coins.

Does ledger not have a solid reputation and perhaps security before they get hacked?
How about those exchanges like Coinbase, Binance, and all those big exchanges got hacked even hackers shared KYC data. Didn't they have a solid reputation?

Ledger is probably one of the worst example how you can ruin your reputation with repeated leaks and amateur owners who don't care about customer privacy, and I remember hackers also selling customers KYC from Binance.
Anything can be hacked but I think that so far only Kraken exchange has never been hacked (so far) and others may need to learn something from them.

Not sure why they chose to expose their new hot & cold wallets on Twitter...

Wallets for most exchanges are publicly known anyway and I think that only Coinbase hides them, but you can connect the dots and find their wallets also.

[stomachgrowls]

I love the transparency that they do had in times like these where you can really see updates on whats been done rather than giving out dates
without telling the progress or development of such recovery.

May 1st, 2021
Complete the plan of the new architecture, with approximately 200 servers in the process of reinstallation of system environment.

Its no surprise that Exchangers would really be the primary target of hackers knowing off that these are the honey pots for them to possibly take millions if they do succeed.
Good thing that this one hadnt really been affected much and good thing that they had set out some back ups which is really a standard thing to be done by these platforms.
7-14 days recovery is somewhat considerable but lets hope that there would be no other surprise issue would comes next.

[FIFA worldcup]

If you have an account on Hotbit, the following are things you should be aware of

    The attacker has already gained access to the database, so your registration phone number, email address and asset data might have leaking risk. However, the password and 2FA key are encrypted so theoriotically should be safe. But from the security point of view, if your account and password on another website or app are the same as Hotbit's, it is safer to change the password now;

Ugh.  Here's a great reason why crypto exchanges should have a solid reputation and security before anyone even thinks of handing over their KYC docs.  There are lots of smaller exchanges which are now asking their customers to go through some kind of verification, and I just don't trust any of them with my data--which is why I've never created accounts with a lot of exchanges that I'd like to be able to use.

People think that if their funds and passwords are save at the site, they are good to go. The fact is that even if hacker only get hold of the KYC, they could make a big damage than we could ever imagine. All our KYC documents can be sold in black market for very reasonable price and then they could be misused .
Think someone used your KYC documents to make account at exchanges and then involve in money laundering. 

[BitcoinGirl.Club]

Ledger is probably one of the worst example how you can ruin your reputation with repeated leaks and amateur owners who don't care about customer privacy

Before the database hack it was not believed to be poor at all. This is an after hack conspiracy.

and I remember hackers also selling customers KYC from Binance.

Yes, they were posting KYC images with a picture holding the Identity information.

Anything can be hacked but I think that so far only Kraken exchange has never been hacked (so far) and others may need to learn something from them.

This is even riskier LOL
Maybe we will see the next hack happened in Kraken, just saying 🤣

exchanges are meant only for trading and not for holding coins,

Consider the withdrawal fees and think about those small scale traders. For every withdrawal they are paying huge in fees which basically demotivate users to withdraw from the exchanges. There are also things accessing like Stop Loss feature etc. Once you are moving the coins then you are basically disconnected from trades. I think for this reason most of the users do not move their coins.

It's different for long terms holders though who do not care about the price of the crypto they are holding.

[Husires]

A week is a long time Many may happen  with weak hands and ready cyber attack story or may report losing part of the money by the employees.
Such events require transparency and accuracy with the users.
it would have been better for users to see their balances within 24 hours and to freeze all withdrawals for 72 hours or more.
What will happen if bitcoin price falls? Will users funds protected?

[pilosopotasyo]

A week is a long time Many may happen  with weak hands and ready cyber attack story or may report losing part of the money by the employees.
Such events require transparency and accuracy with the users.
it would have been better for users to see their balances within 24 hours and to freeze all withdrawals for 72 hours or more.
What will happen if bitcoin price falls? Will users funds protected?

They do not offer guaranty on price fluctuations, the best that users can do now is to hold on to Hotbit words that they are deign their best and they are going to fix everything within 7 days, so if you are the kind of storing most of your coins on exchange and you have coins on Hotbit that's 7 days of anxiety, there's really no safe exchange so only trust your knowledge and educate yourself on the best place to store your wallet.

[JohnBitCo]

A week is a long time Many may happen  with weak hands and ready cyber attack story or may report losing part of the money by the employees.
Such events require transparency and accuracy with the users.
it would have been better for users to see their balances within 24 hours and to freeze all withdrawals for 72 hours or more.
What will happen if bitcoin price falls? Will users funds protected?

They do not offer guaranty on price fluctuations, the best that users can do now is to hold on to Hotbit words that they are deign their best and they are going to fix everything within 7 days, so if you are the kind of storing most of your coins on exchange and you have coins on Hotbit that's 7 days of anxiety, there's really no safe exchange so only trust your knowledge and educate yourself on the best place to store your wallet.

Unfortunately that's the only thing Hotbit users can do is wait and hope Hotbit resumes after seven days. If they are lucky enough, they will get access to their accounts with full balance. The next thing they should do is to withdraw all money from this exchange and never return to such shady exchange again.