The Hacker Behind the $23 Million Bitrue Exchange Breach Has Resurfaced

The hacker behind the $23 million Bitrue exchange breach has resurfaced, moving and laundering a significant portion of the stolen crypto after lying low for nearly a year.

The hacker behind the $23 million Bitrue exchange breach has started moving and laundering a portion of the stolen crypto after nearly a year.

According to blockchain analytics firm Onchain Lens, the attacker recently sold $2.88 million worth of Shiba Inu (SHIB) and Holo (HOT) tokens to acquire 1,511 ETH at an average price of $1,911 per ETH.

15 hours ago, the @BitrueOfficial hacker sold $2.88M worth of $HOT and $SHIB to buy 1,511 $ETH at a price of $1,911.The hacker also sent 1,050 $ETH ($1.89M) through #TornadoCash and still holds 16.34M $DAI and 5,111.45 $ETH in another wallet.Address:… pic.twitter.com/YBSvMoVWN0

Following the conversion, the hacker laundered 1,050 ETH—approximately $1.89 million—through Tornado Cash, a decentralized crypto mixer known for obfuscating fund flows. Despite the transactions, the attacker still controls roughly 5,111 ETH and 16.34 million DAI stablecoins, split across two wallets: 0xe2b5…3ed5 and 0x5026…ca97.

See Also: Bybit’s Ben Zhou Provides Update on $1.4 Billion Hacked ETH/BTC Whereabouts

Hot Wallet Vulnerabilities Reignite Security Concerns

The hacker’s renewed activity has sparked concerns around security practices at centralized exchanges, particularly the risks posed by hot wallets.

Hot wallets offer rapid access for trading but remain more exposed to breaches compared to cold storage solutions, which are typically offline and thus harder to penetrate.

Related: Hacker Mints, Steals $5M ZK Using Admin Key for Old ZKsync Airdrop

Bitrue’s 2024 Hack: A Recap

Singapore-based trading platform Bitrue disclosed the breach in April, revealing that an attacker had drained an estimated $23 million from one of its hot wallets. The stolen assets included Ethereum (ETH), Polygon (MATIC), Shiba Inu (SHIB), Quant (QNT), Gala (GALA), and Holo (HOT).

At the time, Bitrue assured customers that the compromised wallet accounted for less than 5% of total funds and that affected users would be fully reimbursed. However, the breach tarnished Bitrue’s reputation, especially considering the platform had already suffered a $5 million hack in 2019.

1/4: We have identified a brief exploit in one of our hot wallets on 07:18 (UTC), 14 April 2023. We were able to address this matter quickly and prevented the further exploit of funds. We take this matter seriously and are currently investigating the situation. pic.twitter.com/QioPHSB2DM

In March, the attacker sold 4,207 ETH for approximately 1,634.5 DAI each, at an average selling price of around $3,885 per ETH—considerably higher than current market conditions.

Today’s sale of the remaining SHIB and HOT to acquire additional ETH seems to be part of a slow but methodical laundering strategy.

KiloEX Breach Highlights Growing DEX Security Risks

Meanwhile, decentralized exchanges (DEXs) are facing their own vulnerabilities. Just days ago, KiloEX, a decentralized exchange operating on the BNB Chain and opBNB, fell victim to a $7 million exploit due to a flaw in its oracle system.

The hacker manipulated KiloEX’s price feed, buying undervalued tokens and selling them at inflated prices before draining the platform’s liquidity.

🚨 Security Incident Announcement: KiloEx Vault ExploitDear KiloEx Community,We regret to inform you that the KiloEx Vault has been exploited. The attacker’s wallet address is: 0x00fac92881556a90fdb19eae9f23640b95b4bcbdWe urge all partner protocols and platforms to...

As hackers become increasingly sophisticated in exploiting technical flaws and laundering funds, industry players face the critical challenge of fortifying their defenses and rebuilding user trust.

The information presented in this article is for informational and educational purposes only. The article does not constitute financial advice or advice of any kind. Coin Edition is not responsible for any losses incurred as a result of the utilization of content, products, or services mentioned. Readers are advised to exercise caution before taking any action related to the company.