Eterbase Exchange Security Breach with a Loss of $5,400,000

September 7, 2020

Summary #

Eterbase, a European cryptocurrency exchange, based in Slovakia, suffered a significant security breach on September 7, 2020. Multiple hot wallets were compromised, including in Bitcoin, Ethereum, Tron, Tezos, Algorand and Ripple chains, leading to the theft of approximately $5,400,000 in various cryptocurrencies. The stolen funds were moved to different addresses and subsequently withdrawn to centralized exchanges like Binance, Huobi, and HitBTC.

Attackers #

The identity of the attackers remains unknown. The stolen funds were moved to the following addresses:

Ethereum
- 0x7860F7b2874e77E80bE0fC6EbfB9414f89781aD9
Tron
- TPdhhbCHqXzrDyUiQnHApS7VL2UxB8Qhna
Tezos
- tz1hnoxVgc8Z1DUa6D18EUkPCXmNbaHwmLRc
Bitcoin
- 1ANLZZ2YFGumRXaD3EMii92zWQgvX2CK9c
Algorand
- PDVFO5SDJMOJ6MC7KAD27DDGQ5YQD4IUTDJR2QRCPENT5A5T6CGT2VAAEI
Ripple
- rNwgkFj6QadEXUyS1jgTD2XEsi8HanKzDX

Losses #

The total loss was approximately $5,400,000. Detailed losses across all chains:

Bitcoin
- 11.05 BTC
Tron
- 1,420,709 TRX
Tezos
- 185,457 XTZ
Algorand
- 1,120,783 ALGO
Ripple
- 859,226 XRP
Ethereum
- 387 ETH and multiple tokens with various amounts

Timeline #

September 7, 2020, 10:44 PM UTC: First malicious transaction was executed on Tezos chain
September 8, 2020, 05:44 AM UTC: Hackers withdrew funds on the Algorand network, completing the transfer of funds under their control.
September 8, 2020, 07:07 AM UTC: Eterbase announced on their Telegram channel that their six hot wallets were compromised and disclosed attacker’s wallets.
September 8, 2020, 07:11 AM UTC: The exchange halted their services and turned to maintenance mode.
January 13, 2021, 01:38 PM UTC: Eterbase resumed platform operations after four months from the incident.
February 19, 2021, 02:43 PM UTC: Robert Auxt, Founder of Eterbase, confirmed that the case would be forwarded to Europol and the company is monitoring over 12 million EUR worth of assets that have ended up on the Binance, Huobi, and HitBTC exchanges.
April 8, 2021, 04:09 PM UTC: Following the loss of several important partners and financial providers, Eterbase announced a temporary halt to all operations starting April 19, 2021, urging users to withdraw all funds.

Security Failure Causes #

Private Key Compromise: Eterbase’s hot wallets were compromised, leading to the theft. The specific details of how the wallets were compromised have not been disclosed. Web Infrastructure Attack: The simultaneous hack of multiple wallets points to a more extensive web infrastructure attack, possibly targeting vulnerabilities in the platform’s security system to gain unauthorized access to the private keys.

Market Health Metrics API

Benford's Law

Volume distribution analysis

Time-of-Trade

Buy/Sell Ratio

VWAP

Attack Types

Entity Types

Target Entities

51% Attacks

Custodian Attacks

Flash Loan Attacks

Lockout Scams

Phishing Attacks

Reentrancy Attacks

Rug Pull Scam