- After a year of inactivity, the Bitrue hacker resumed operations to take out the stolen tokens.
- The stolen SHIB and HOT were sold for 1,511 Ether and laundered through Tornado Cash.
- Bitrue capped the loss, but the hacker remained calm and split the transactions to avoid detection.
After almost a year of inactivity, the hacker who had taken $23 million from Bitrue began transferring the stolen assets through Tornado Cash and Ethereum.
The attacker also carried out blockchain transactions that converted notable amounts of SHIB and HOT tokens into ETH. Through several transactions, the hacker is attempting to use decentralized platforms to launder the stolen funds.
Details of the Original Bitrue Breach
Onchain Lens records show that the hacker conducted transactions of $2.88 million from SHIB and HOT. The exchange process involved 1,511 ETH tokens gained by trading 1,511 tokens at an average price of $1,911 each. The same hacker conducted sales of 4,207 ETH to receive 1,634.5 DAI in March 2024, which yielded around $3,885 for each ETH. That earlier transfer happened when market forces were stronger than at present.
The sale of 150 billion SHIB tokens generated 1,090.4 ETH, worth a total of $1.97 million. The hacker also sold 135 million HOT for 76.5 ETH, worth approximately $140,000.
Bitrue Responds Quickly
Bitrue announced the wallet breach on April 14, 2023, reporting an exploit of its operational hot wallet system. The incident took place at 07:18 UTC, when hackers stole various assets. The hacker stole six different assets from Bitrue: Ethereum (ETH), Quant (QNT), Gala (GALA), Shiba Inu (SHIB), Holo (HOT), and Polygon (MATIC).
The Bitrue team reacted by locking down its wallets to minimize further financial losses. The loss of crypto assets reached $23 million before Bitrue could contain the vulnerability.
The hacker followed the initial breach with rapid asset exchanges using public Ethereum transactions. Through this conversion, the hacker could merge different assets into one portable and easily tradable asset pool. Transactions were spread across different time intervals to reduce the chance of detection as the attacker transferred large sums.
Furthermore, the hacker laundered funds through Tornado Cash. The attacker's latest transactions resulted in large Ethereum transfers through Tornado Cash.
According to Blocks and Transfers statistics, the hacker used Tornado Cash to launder about 1,050 ETH, or $1.89 million. Tornado Cash allows users to combine tokens, which obscures how money moves between Ethereum blockchain transactions.
Rise in DeFi Hacks Compared to Exchange Thefts
Hackers are shifting their focus to DeFi platforms rather than exchanges. In the first 3 months of 2022, only 3% of the funds reported stolen were stolen from centralized exchanges.
The remaining 97% of these tokens involved decentralized finance (DeFi) protocols, per data from Chainalysis. Recent Chainalysis reports from 2020 to 2021 Q1 show the shift from the earlier hacking of exchanges to the hacking of decentralized finance.