BtcTurk Hack: Inside the $55 Million Cryptocurrency Theft

TL;DR

BtcTurk, a prominent Turkish cryptocurrency exchange, experienced a significant cyberattack resulting in the theft of approximately $55 million from ten hot wallets. Binance intervened by freezing $5.3 million of the stolen assets. The incident underscores persistent security challenges in the cryptocurrency industry despite measures to safeguard user funds and restore normal operations.

Make Sure This Hack Doesn’t Happen To You 🫵

Subscribe to Blockbasis and get access to our premium scanner to check whether your the funds in your wallet is safeguarded from hacks 🔐

For a limited period only, you can get a 7 day FREE trial!

All for just $50/month after the trial.
Don't miss out! Grab your FREE trial today 👇

A massive cyberattack on the Turkish cryptocurrency exchange BtcTurk has resulted in the theft of approximately $55 million from ten of its hot wallets.

This incident has caused significant disruptions, prompting the exchange to halt all deposits and withdrawals as they investigate the breach and collaborate with law enforcement.

Chief Executive Officer Ozgur Guneri confirmed that BtcTurk detected the security breach on June 22, 2024, leading to the immediate suspension of deposit and withdrawal activities.

Blockchain sleuth ZachXBT initially reported the suspicious activity, noting significant movements of AVAX tokens shortly after the breach.

The analysis revealed that the stolen assets were funneled through various exchanges using THORChain and then withdrawn as Bitcoin.

Subscribe to Newsletter Bitcoin

Receive weekly Bitcoin summaries with news, insights and analysis on all things Bitcoin, all for free.

The Hack Unfolds

In a detailed disclosure, BtcTurk stated that the cyberattack affected a portion of the balances of ten cryptocurrencies in their hot wallets.

The exchange quickly emphasized that the majority of assets stored in cold wallets remained secure, assuring users that their overall financial strength exceeded the amounts affected by the attack.

Furthermore, the exploiter sold substantial amounts of some cryptocurrencies, including Luna Classic, causing major price movements in those tokens.

Following the detection of the breach, BtcTurk provided a series of updates to its users:

• June 22, 2024 - 14:17 GMT+03:00: The exchange announced the cyberattack and the suspension of all cryptocurrency deposit and withdrawal transactions as a precautionary measure.

• June 23, 2024 - 07:39 GMT+03:00: BtcTurk reopened deposit and withdrawal transactions for several ERC20 cryptocurrencies, including USDT, USDC, LINK, UNI, OCEAN, AGIX, BLUR, INJ, ANT, OGN, RAD, and ARPA.

• June 24, 2024 - 05:47 GMT+03:00: The exchange updated Bitcoin (BTC) deposit addresses and resumed BTC deposit and withdrawal transactions, advising users to use the new addresses and avoid old ones.

• June 25, 2024 - 01:01 GMT+03:00: BtcTurk updated AVAX (C-Chain) and ARC-20 USDT deposit addresses, reopening transactions for these cryptocurrencies with the same cautionary advice to use new addresses.

Binance Steps In

Newly appointed Binance CEO Richard Teng revealed that Binance had frozen $5.3 million of the stolen assets in an effort to assist BtcTurk.

This move underscores the importance of cooperation within the cryptocurrency community to combat malicious activities and protect users.

According to Teng, Binance's security teams are working closely with BtcTurk to track and recover the stolen funds. He emphasized that Binance is committed to safeguarding the ecosystem from bad actors.

Blockchain Investigation Insights

ZachXBT’s analysis highlighted the scale of the theft, pinpointing AVAX tokens as the primary target. The investigation showed that the stolen assets were moved to exchanges like Binance and Coinbase, converted into Bitcoin, and then withdrawn. This well-coordinated effort indicated a sophisticated attack plan.

Further complicating the situation, Wu Blockchain reported the sale of $54 million in AVAX, traced to a wallet linked to a Turkish exchange.

This raised concerns about the origins of the stolen funds and suggested a connection to BtcTurk.

Adding to the intrigue, ZachXBT noted that the same threat actor might have been involved in a $3.5 million hack of the online casino Sportsbet, which occurred just two hours before the BtcTurk breach.

The similar methods and timing of these attacks pointed to a coordinated effort by a single entity.

Despite the breach, BtcTurk reassured users that their assets remained secure, with the majority of funds stored in cold wallets unaffected.

The exchange emphasized its financial resilience and commitment to transparency, providing continuous updates on the investigation and restoration of services.

Subscribe to WAGMI

Get Ahead In Crypto. Join 15,000+ subscribers and get our free 5-min daily newsletter

The BtcTurk hack highlights the critical need for robust security measures in the cryptocurrency industry.

This incident serves as a stark reminder of the vulnerabilities that digital asset platforms face and the importance of collaboration among exchanges, security researchers, and law enforcement.

As BtcTurk continues to recover from this breach, the broader cryptocurrency community will be watching closely. The exchange’s transparent communication and swift actions set a positive example for managing and recovering from such incidents.

The BtcTurk hack underscores the ongoing challenges in ensuring the security of cryptocurrency platforms and user assets. The collaborative efforts between exchanges, security experts, and law enforcement are crucial in creating a safer environment for all participants in the cryptocurrency ecosystem.

As more details emerge, the lessons learned from this incident will be vital in shaping more secure and resilient digital asset platforms.