Bitcoin Forum
Author Topic: Custodial crypto exchange hack as usual  (Read 153 times)
Oshosondy (OP)
April 30, 2021, 04:15:21 PM
Last edit: April 30, 2021, 09:51:30 PM by Oshosondy
 #1

Recently I was reading about how custodial exchanges are hacked. There have been several exchanges that have been hacked since 2011 till now, and the last one happened just this past Thursday, which was yesterday. The exchange involved was Hotbit; it was not an actual hack that led to loss of coins, but the Hotbit database was compromised by hackers.

What surprised me after the whole reading is that custodial exchanges are making use of hot wallets for customer satisfaction. That alone will encourage hackers that they can do it, that they are able to hack exchanges because they are using hot wallets to handle customers' cryptocurrencies.

Quote
https://hotbit.zendesk.com/hc/en-us/articles/1500008915521-Hotbit-s-Announcement-on-Emergency-Maintenance

If you have an account on Hotbit, the following are things you should be aware of
1. The attacker has already gained access to the database, so your registration phone number, email address and asset data might have leaking risk. However, the password and 2FA key are encrypted so theoretically should be safe. But from the security point of view, if your account and password on another website or app are the same as Hotbit's, it is safer to change the password now;

2. If you receive an email or private message in the name of Hotbit, you can contact us through official channels (Twitter, Facebook, Telegram) to verify identity before replying;

3. Leveraged ETF products are not suitable for long-term holding and therefore Hotbit will be fully responsible for all losses suffered by the position-holder during the maintenance period.

4. Your Open Orders on Hotbit will be canceled when the system is restored to avoid unintended trading losses.

5. All daily routine income distributions (such as investment products, current products and FIL cloud computing power) will be paid out after the maintenance is completed.

Never hodl on exchanges, move your funds to noncustodial wallet, offline wallet is the best for security.

Little Mouse
April 30, 2021, 04:36:41 PM
 #2


Quote from: Oshosondy
Never hodl on exchanges, move your funds to noncustodial wallet, offline wallet is the best for security.

They say, "Not your keys, not your coins," and we must follow this, although most of the time we are so unaware and too lazy to move the funds. It may not be your exchange today, but tomorrow it can be the exchange you use.
Anyway, it seems to be a database hack; since no financial loss happened, everything should be fine soon.
I have watched a few exchanges get hacked, but luckily I didn't have much funds there.

TheMimic1
April 30, 2021, 04:40:12 PM
 #3

Another good example that says 👉 don't ever use the same password on every website you open an account with. Once one has been breached, those sons of bitches will start trying it on other websites as well; hackers have no heaven honestly 😂😂

mersal
April 30, 2021, 06:58:53 PM
 #4

Hot wallets reduce the hack amount, or else the complete money on the exchange will have vanished from their wallet if they are not going to use cold storage. Scammers and hackers will never stop; they are always going to try to steal money from people in some way if it is possible, so it's the exchange's responsibility to keep their security system updated, and precaution measures, if anything goes wrong, can save customers from complete losses.
Oshosondy (OP)
April 30, 2021, 06:59:34 PM
 #5

Quote from: TheMimic1
Another good example that says 👉 don't ever use the same password on every website you open an account with. Once one has been breached, those sons of bitches will start trying it on other websites as well; hackers have no heaven honestly 😂😂

Yes, that is not good at all; reusing passwords is not good. Some people have even complained about account hacks on this forum due to using the same passwords on other sites. It should be one site one password and another site another password.

BITCOIN4X
April 30, 2021, 07:17:19 PM
Merited by The Sceptical Chymist (2)
 #6

Hundreds of times people keep warning everyone that an exchange is not a safe place to hold assets, and I think that should get some attention. Storing assets in an exchange is absolutely not recommended if it is done in the long term, even though we know that the exchange has a good reputation and will be responsible for any losses of customers. Exchange hacks or database leaks don't happen just this once; everyone should weigh the risks even if they are active in trading.

Everyone can find complete information here: Hotbit's Announcement on Emergency Maintenance

DdmrDdmr
April 30, 2021, 07:19:29 PM
 #7

This is a thread that summarizes the hacks on Exchanges since 2011: Hacked Exchanges since 2011. Cases from 2021 are not yet on the list (the OP has barely been able to be active lately), but if someone adds 2011 cases to the thread, I’m sure they’ll be included in the lists eventually.

Besides hacks, Exchanges are subject to the possibility of accounts being frozen, regulation changes, exit scams, and so forth. Obviously, it’s not the everyday norm, but something to consider. On the other hand, not everyone is ready to be their own bank, and unfortunately, many people lose their bitcoins because of this (lost keys, malware, phishing, etc.). It’s not all black and white.
Fortify
April 30, 2021, 08:31:48 PM
 #8

Quote from: DdmrDdmr
This is a thread that summarizes the hacks on Exchanges since 2011: Hacked Exchanges since 2011. Cases from 2021 are not yet on the list (the OP has barely been able to be active lately), but if someone adds 2011 cases to the thread, I’m sure they’ll be included in the lists eventually.

Besides hacks, Exchanges are subject to the possibility of accounts being frozen, regulation changes, exit scams, and so forth. Obviously, it’s not the everyday norm, but something to consider. On the other hand, not everyone is ready to be their own bank, and unfortunately, many people lose their bitcoins because of this (lost keys, malware, phishing, etc.). It’s not all black and white.


That is a great resource, if I added them up correctly there have been 96 different hacks resulting in losses between 2011 and 2020. It was surprising to see the odd big name in there like LocalBitcoins and shocking to see one exchange - Bitcoinica - get "hacked" multiple times within the space of 6 months during 2012. Unfortunately Bitcoin is a huge target for hackers and unscrupulous business owners due to its anonymous nature. There are new security exploits found every single day and only one weak link can cause millions in losses, unlike a bank it can be impossible to follow a simple trail. I have a feeling that at least one business owner in the past will have hatched a plan that involves an imaginary hacker taking all customer deposits - it is so important to learn how to hold your own coins securely and away from exchanges.

boyptc
April 30, 2021, 08:47:52 PM
 #9

Yeah, if you're even holding for the long term then exchanges are not the best place for it. And that's why those affected users will have some weird email coming to them from different sources but their sole purpose is to phish them.

Quote from: DdmrDdmr
This is a thread that summarizes the hacks on Exchanges since 2011: Hacked Exchanges since 2011.

Thank you! :)



Oshosondy (OP)
May 01, 2021, 07:16:39 AM
Merited by DdmrDdmr (2)
 #10

Quote from: DdmrDdmr
Besides hacks, Exchanges are subject to the possibility of accounts being frozen, regulation changes, exit scams, and so forth. Obviously, it’s not the everyday norm, but something to consider. On the other hand, not everyone is ready to be their own bank, and unfortunately, many people lose their bitcoins because of this (lost keys, malware, phishing, etc.). It’s not all black and white.

What I was thinking is that some people do not know what custodial and noncustodial are. There was a time I did not know that, until I registered and became active on this forum. My first wallet was Coinbase; I did not know that anything like a private key existed. It was later that I learned about private keys and seed phrases, how important they are, and the reason people say having bitcoin is like being your own bank. I thought I was my own bank when I was using Coinbase, not knowing I was wrong. People would like to be their own bank, but they do not know about anything called a noncustodial wallet; all they know is "wallet", and they use custodial ones, which are easily accessible and spread by other novices.

Pmalek
May 01, 2021, 08:02:59 AM
 #11

Luckily for Hotbit users, this was just a database leak that didn't result in any loss of coins. What they can expect now, are various phishing emails telling them their funds are at risk, and providing fake links to either change their passwords or download an update of their mobile apps which turns out to be malicious software. Users of some SIM providers can expect SIM swap attacks as well. T-Mobile and AT&T are two providers I remember have been vulnerable to these types of attacks in the past.

Lucius
May 01, 2021, 09:24:54 AM
 #12

Any serious crypto exchange should keep most crypto assets in cold wallets, and as far as I know most large exchanges have just such security measures. I think we are much safer today than having Mt.Gox happen to us again, which was the biggest hack of its kind that still has its consequences today.

Quote from: Oshosondy
Never hodl on exchanges, move your funds to noncustodial wallet, offline wallet is the best for security.

I generally agree - "not your keys, not your coins" is something that should be constantly warned about. However, I would like to emphasize that a large part of cryptocurrency users are not yet ready to be their own bank, and that they should leave the complicated part of the work to other people (in this case crypto exchange). What is most dangerous for crypto exchange users is phishing, which is the main reason for the loss of funds - but every non-custodial crypto wallet also has its weaknesses.

Regardless of the security of crypto exchanges and all non-custodial crypto wallets, the human factor is the weakest link that causes the most hacking/loss of coins. In other words, if someone doesn't know what they're doing, it's only a matter of time before they make a fatal mistake, even if they use hardware wallets.

SquirrelJulietGarden
May 01, 2021, 11:46:42 AM
 #13

Quote from: Pmalek
Luckily for Hotbit users, this was just a database leak that didn't result in any loss of coins. What they can expect now, are various phishing emails telling them their funds are at risk, and providing fake links to either change their passwords or download an update of their mobile apps which turns out to be malicious software. Users of some SIM providers can expect SIM swap attacks as well. T-Mobile and AT&T are two providers I remember have been vulnerable to these types of attacks in the past.

I use different emails for different exchanges. With small or new exchanges, I use emails that I never use to create accounts on big exchanges. If I have my biggest fund on a big exchange like Binance, I will use one email for it. That email will never be used to register accounts on any other exchanges. Especially NO, if they are small exchanges.

[BEWARE] Sim Port Attack

magneto
May 02, 2021, 04:24:04 AM
 #14

Quote
Leveraged ETF products are not suitable for long-term holding and therefore Hotbit will be fully responsible for all losses suffered by the position-holder during the maintenance period.

This seems like a serious case of victim blaming here.

Yes, leveraged products probably aren't made to be held in the long run. But does that mean that investors should bear the risk of any misconduct on the exchange's part, or unwise management of security systems? Definitely not.

I do wonder how much they're looking to compensate holders of leveraged positions (if at all). Also, I wouldn't be surprised if they penalise just regular balance-holders somehow as well. Their previous moves don't inspire confidence whatsoever.