耗資2300萬美元的Bitrue Exchange違規背後的黑客已經浮出水面

耗資2300萬美元的Bitrue Exchange違規行為背後的黑客已經浮出水面，在低落近一年後移動和洗滌了大部分被盜的加密貨幣。

The hacker behind the $23 million Bitrue exchange breach has started moving and laundering a portion of the stolen crypto after nearly a year.

近一年後，耗資2300萬美元的Bitrue Exchange違規行為背後的黑客已經開始移動和洗錢。

According to blockchain analytics firm Onchain Lens, the attacker recently sold $2.88 million worth of Shiba Inu (SHIB) and Holo (HOT) tokens to acquire 1,511 ETH at an average price of $1,911 per ETH.

根據區塊鏈分析公司Onchain Lens的數據，攻擊者最近以平均每ETH的平均價格出售了價值288萬美元的Shiba INU（Shib）和Holo（Hot）代幣，以平均價格為1,911美元。

15 hours ago, the @BitrueOfficial hacker sold $2.88M worth of $HOT and $SHIB to buy 1,511 $ETH at a price of $1,911.The hacker also sent 1,050 $ETH ($1.89M) through #TornadoCash and still holds 16.34M $DAI and 5,111.45 $ETH in another wallet.Address:… pic.twitter.com/YBSvMoVWN0

15小時前，@BitrueOfficial Hacker以1,911美元的價格售出了價值288萬美元的$ HOT和$ SHIB以購買1,511美元的ETH。黑客還通過#TornAdocash發送了1,050美元的ETH（189億美元），並通過#TornAdocash，仍然持有1634萬美元的dai和5,111.45 $ Eth extress。 pic.twitter.com/ybsvmovwn0

Following the conversion, the hacker laundered 1,050 ETH—approximately $1.89 million—through Tornado Cash, a decentralized crypto mixer known for obfuscating fund flows. Despite the transactions, the attacker still controls roughly 5,111 ETH and 16.34 million DAI stablecoins, split across two wallets: 0xe2b5…3ed5 and 0x5026…ca97.

轉換後，黑客洗了1,050 ETH（大約189萬美元），這是龍捲風現金，這是一種以混淆基金流量而聞名的分散的加密貨幣混音器。儘管進行了交易，但攻擊者仍然控制著大約5111個ETH和1,634萬Dai Stablecoins，分裂了兩個錢包：0xE2B5…3ED5和0x5026…CA97。

See Also: Bybit’s Ben Zhou Provides Update on $1.4 Billion Hacked ETH/BTC Whereabouts

另請參閱：Bybit's Ben Zhou提供了14億美元黑客ETH/BTC下落的更新

Hot Wallet Vulnerabilities Reignite Security Concerns

熱錢包脆弱性重新點燃安全問題

The hacker’s renewed activity has sparked concerns around security practices at centralized exchanges, particularly the risks posed by hot wallets.

黑客的重新活動引發了人們對集中交流的安全慣例的擔憂，尤其是熱錢包帶來的風險。

Hot wallets offer rapid access for trading but remain more exposed to breaches compared to cold storage solutions, which are typically offline and thus harder to penetrate.

熱錢包提供了快速的交易訪問權限，但與冷藏解決方案相比，這些問題通常更容易受到破壞，而冷藏解決方案通常是離線的，因此更難穿透。

Related: Hacker Mints, Steals $5M ZK Using Admin Key for Old ZKsync Airdrop

相關：黑客造幣廠，使用admin鍵竊取500萬美元的ZK

Bitrue’s 2024 Hack: A Recap

Bitrue的2024 Hack：回顧

Singapore-based trading platform Bitrue disclosed the breach in April, revealing that an attacker had drained an estimated $23 million from one of its hot wallets. The stolen assets included Ethereum (ETH), Polygon (MATIC), Shiba Inu (SHIB), Quant (QNT), Gala (GALA), and Holo (HOT).

總部位於新加坡的交易平台比特魯（Bitrue）在4月份透露了這一違規行為，表明攻擊者估計從其中一個熱錢包中耗盡了約2300萬美元。被盜的資產包括以太坊（ETH），多邊形（Matic），shiba inu（shib），Quant（qnt），Gala（Gala）和Holo（Hot）。

At the time, Bitrue assured customers that the compromised wallet accounted for less than 5% of total funds and that affected users would be fully reimbursed. However, the breach tarnished Bitrue’s reputation, especially considering the platform had already suffered a $5 million hack in 2019.

當時，Bitrue向客戶保證，受損的錢包佔資金總資金的不到5％，受影響的用戶將得到充分償還。但是，違規行為破壞了比特魯的聲譽，尤其是考慮到該平台在2019年已經遭受了500萬美元的黑客攻擊。

1/4: We have identified a brief exploit in one of our hot wallets on 07:18 (UTC), 14 April 2023. We were able to address this matter quickly and prevented the further exploit of funds. We take this matter seriously and are currently investigating the situation. pic.twitter.com/QioPHSB2DM

1/4：我們已經在2023年4月14日（UTC）的一個熱錢包中確定了一個簡短的利用。我們能夠迅速解決此問題，並阻止了進一步的資金利用。我們認真對待此事，目前正在調查情況。 pic.twitter.com/qiophsb2dm

In March, the attacker sold 4,207 ETH for approximately 1,634.5 DAI each, at an average selling price of around $3,885 per ETH—considerably higher than current market conditions.

3月，攻擊者以大約1,634.5 dai的價格出售了4,207 ETH，平均售價約為3,885美元，大約高於當前市場狀況。

Today’s sale of the remaining SHIB and HOT to acquire additional ETH seems to be part of a slow but methodical laundering strategy.

今天出售剩餘的濕骨和熱門以獲取額外的ETH似乎是一種緩慢而有條不紊的洗錢策略的一部分。

KiloEX Breach Highlights Growing DEX Security Risks

Kiloex違規突出了增長的DEX安全風險

Meanwhile, decentralized exchanges (DEXs) are facing their own vulnerabilities. Just days ago, KiloEX, a decentralized exchange operating on the BNB Chain and opBNB, fell victim to a $7 million exploit due to a flaw in its oracle system.

同時，分散的交流（DEX）正面臨著自己的脆弱性。就在幾天前，在BNB連鎖店和OpbnB上運營的一個分散的交易所Kiloex因其甲骨文系統中的缺陷而成為700萬美元的受害者。

The hacker manipulated KiloEX’s price feed, buying undervalued tokens and selling them at inflated prices before draining the platform’s liquidity.

這位黑客操縱了Kiloex的價格供稿，購買被低估的代幣並以誇張的價格出售，然後再消耗平台的流動性。

🚨 Security Incident Announcement: KiloEx Vault ExploitDear KiloEx Community,We regret to inform you that the KiloEx Vault has been exploited. The attacker’s wallet address is: 0x00fac92881556a90fdb19eae9f23640b95b4bcbdWe urge all partner protocols and platforms to...

🚨安全事件公告：Kiloex Vault Exploitdear Kiloex社區，我們很遺憾地通知您，Kiloex保險庫已被利用。攻擊者的錢包地址是：0x00FAC92881556A90FDB19EE9F23640B95B4BCBDWE敦促所有合作夥伴協議和平台為...

As hackers become increasingly sophisticated in exploiting technical flaws and laundering funds, industry players face the critical challenge of fortifying their defenses and rebuilding user trust.

隨著黑客在利用技術缺陷和洗錢資金方面變得越來越複雜，行業參與者面臨著加強防禦和重建用戶信任的關鍵挑戰。

The information presented in this article is for informational and educational purposes only. The article does not constitute financial advice or advice of any kind. Coin Edition is not responsible for any losses incurred as a result of the utilization of content, products, or services mentioned. Readers are advised to exercise caution before taking any action related to the company.

本文提供的信息僅用於信息和教育目的。本文不構成任何形式的財務建議或建議。由於提到的內容，產品或服務的利用，Coin Edition對任何損失概不負責。建議讀者在採取與公司相關的任何行動之前謹慎行事。