Eterbase Exchange Security Breach with a Loss of $5,400,000

Summary

Eterbase, a European cryptocurrency exchange, based in Slovakia, suffered a significant security breach on September 7, 2020. Multiple hot wallets were compromised, including in Bitcoin, Ethereum, Tron, Tezos, Algorand and Ripple chains, leading to the theft of approximately $5,400,000 in various cryptocurrencies. The stolen funds were moved to different addresses and subsequently withdrawn to centralized exchanges like Binance, Huobi, and HitBTC.

Attackers

The identity of the attackers remains unknown. The stolen funds were moved to the following addresses:

• Ethereum
  • 0x7860F7b2874e77E80bE0fC6EbfB9414f89781aD9
• Tron
  • TPdhhbCHqXzrDyUiQnHApS7VL2UxB8Qhna
• Tezos
  • tz1hnoxVgc8Z1DUa6D18EUkPCXmNbaHwmLRc
• Bitcoin
  • 1ANLZZ2YFGumRXaD3EMii92zWQgvX2CK9c
• Algorand
  • PDVFO5SDJMOJ6MC7KAD27DDGQ5YQD4IUTDJR2QRCPENT5A5T6CGT2VAAEI
• Ripple
  • rNwgkFj6QadEXUyS1jgTD2XEsi8HanKzDX

Losses

The total loss was approximately $5,400,000. Detailed losses across all chains:

• Bitcoin
  • 11.05 BTC
• Tron
  • 1,420,709 TRX
• Tezos
  • 185,457 XTZ
• Algorand
  • 1,120,783 ALGO
• Ripple
  • 859,226 XRP
• Ethereum
  • 387 ETH and multiple tokens with various amounts

Timeline

• September 7, 2020, 10:44 PM UTC: First malicious transaction was executed on Tezos chain
• September 8, 2020, 05:44 AM UTC: Hackers withdrew funds on the Algorand network, completing the transfer of funds under their control.
• September 8, 2020, 07:07 AM UTC: Eterbase announced on their Telegram channel that their six hot wallets were compromised and disclosed attacker’s wallets.
• September 8, 2020, 07:11 AM UTC: The exchange halted their services and turned to maintenance mode.
• January 13, 2021, 01:38 PM UTC: Eterbase resumed platform operations after four months from the incident.
• February 19, 2021, 02:43 PM UTC: Robert Auxt, Founder of Eterbase, confirmed that the case would be forwarded to Europol and the company is monitoring over 12 million EUR worth of assets that have ended up on the Binance, Huobi, and HitBTC exchanges.
• April 8, 2021, 04:09 PM UTC: Following the loss of several important partners and financial providers, Eterbase announced a temporary halt to all operations starting April 19, 2021, urging users to withdraw all funds.

Security Failure Causes

Private Key Compromise: Eterbase’s hot wallets were compromised, leading to the theft. The specific details of how the wallets were compromised have not been disclosed. Web Infrastructure Attack: The simultaneous hack of multiple wallets points to a more extensive web infrastructure attack, possibly targeting vulnerabilities in the platform’s security system to gain unauthorized access to the private keys.