$1 750 000 USD

FEBRUARY 2015

CHINA

BTER

DESCRIPTION OF EVENTS

"Bter is a Chinese Blockchain Assets Trading Platform established in 2012 by Jinan Manwei Information Technology co., Ltd." "BTER is another of the hybrid fiat to crypto and crypto to crypto exchanges." "The objective of the exchange is to provide safe, efficient and honest services of cryptocurrency trading. BTER is another of the hybrid fiat to crypto and crypto to crypto exchanges. Although they had a rocky start to 2015 with a severe security breach, they have gradually reopened markets and have dealt with the situation in a professional manner."

 

"Bter is one of the few exchanges working also with fiat money, in this case it is us dollars and Chinese yuan. Trading on the exchange is carried out in 100 cryptocurrencies. This platform is protected by SSL certificate, Web application Firewall, manual confirmation of withdrawal, as well as two-stage authentication with one-time passwords Google. Most of the funds in the system are stored in cold wallets."

 

"Digital currency exchange BTER announced that it has lost 7,170 bitcoins, or roughly $1.75 million at press time, in an apparent hack on its cold wallet system."

 

"Bter suffered a major hack, losing 7170 BTC (US $1 600 000) that had [supposedly] been in cold storage." Their "[m]anaged server was attacked." "A small Bter cryptocurrency exchange was hacked multiple times. Employees of the exchange organized the biggest robbery. In February 2015, 7000 BTC was stolen from a cold wallet. After that, all activities of the company were suspended, and only a few years later, the management of Bter began to withdraw funds from their elements again."

 

"Initially, BTER had posted on its website that a “security check” was underway and that the exchange would be temporarily suspended prior to another update. It remains unclear exactly how the BTER cold wallet was compromised."

 

"The exchange was forced to shut down over the weekend following the theft and investigations by police in China are currently underway."

 

"To ensure the safety of other funds, we have taken technical measures to stop and turn off all the virtual currency trading in online wallets in order to do further checks," the firm said in a Chinese-language statement posted to their Weibo page.

 

"Since then, they have reopened, claiming a temporary solution with a permanent fix on the way."

 

"China-based Bitcoin exchange Bter has announced that it will continue to operate its service and pay back all its users in time, following a cyberattack that saw the company lose $1.75 million in cryptocurrency to hackers." "To compensate its customers for losses that arose due to the recent breach, Bter will make payments in batches and additionally offer them half a year’s trading fee in proportion to their Bitcoin loss. In addition, all users will be allowed to trade Bitcoin for free for a month on Bter as a show of thanks."

 

"The company officially announced on March 10 that users will be 100% compensated for their losses and that trading will soon resume." “The trading will be enabled soon. Please double check your balances and the price in your existing orders. Please note that the previous BTC balance has been moved to BTC-B which will be used as the reference for compensating our user’s BTC loss. The 100% compensating plan will be revealed soon.”

 

"Bter says that it managed to trace the stolen 7,170 BTC to a Bitcoin mixer (a cryptocurrency laundering service) called Bitcoin Fog, but hasn’t heard from the company despite repeated attempts to make contact." "The China-based bitcoin exchange Bter has offered a bounty of 720 bitcoins ($170,000) for help chasing 7,170 bitcoins stolen in a suspected cyber-attack."

 

"Bter [also] partnered with Jua.com, a Bitcoin wallet service that claims to offer enterprise-class storage, to review the security code on its platform and to rebuild the back-end." "In a post on its reopened website yesterday, Bter said users will be repaid in batches using future profits and a 1,000 BTC interest-free loan from Jua.com." "Alongside the 1,000 BTC loan, which will be provided in exchange for equity in Bter, Jua.com will now handle all the platform’s cold wallet security." "Control of Bter’s hot wallets, used for deposits and withdrawals, will be moved over to Jua.com gradually, the exchange added. The company, which claims to provide enterprise security and storage services for bitcoin companies, runs BW.com, currently bitcoin’s 3rd largest mining pool."

 

"Although they had a rocky start to 2015 with a severe security breach, they have gradually reopened markets and have dealt with the situation in a professional manner."

 

"They are slowly paying back the missing funds to their users through their fees. Bter has been the victim of two separate hacks in recent times, and have shown a willingness to accept the punishment for their failure and ensure their users are made whole–but will they be able to keep it up? They have a difficult road ahead: they must regrow volume to generate fees to pay their users back with. If they are unable to, they will be in real trouble." Bter said that “all Bter’s future profit shall be used to pay [back] the BTC loss [to] users first until all the lost BTC is paid up.” At the same time, it is offering users one month of free trading on the site “as our thanks for your trust and support.”

 

"BTC-B is the record of BTC we still owe you. It is not a real asset so that you cannot sell it. The fund for repayment is from our trading fee income, which depends on the volume on bter. The BTC trading volume is not large and not much fund has been generated. We will repay the next batch of BTC repayment as soon as we have more fund. Thank you for your patience."

 

"BTER closed in 2017." "Following the Chinese central bank’s ban on initial coin offerings (ICOs) and fiat-to-crypto spot trading in 2017, Bter.com closed its domain, rebranded to Gate.io and dropped fiat trading. The exchange shifted its focus to crypto-to-crypto and Chinese yuan over-the-counter (OTC) trading."

 

"According to the local policy in China, we have to stop the trading markets before Oct.30. Your funds are safe. We will provide your more time for withdrawal. To obtain a better services (very fast deposit and withdrawal), we recommend you login to gate.io with your current account and transfer funds there by following the instructures."

BTER stored their funds in a single wallet, which, while called a "cold wallet", was not entirely offline and disconnected, being as it was on a managed server.

 

The wallet was breached. The platform ultimately gave affected users balances that were owed to them, which were repaid over time from profits, and discounts on trading. A partnership gave them improved security and a 1,000 BTC loan to speed up the repayment.

 

Surprisingly, repayments were processed in the respective currencies, and not converted to USD. This contrasts with other recoveries like NiceHash or Bitfinex, which did a USD conversion, and has obviously extended the repayment period considerably.

 

BTER eventually closed in 2017, and moved to gate.io. It is believed that repayments continue within the gate.io platform.

HOW COULD THIS HAVE BEEN PREVENTED?

A key requirement of cold wallets is that they be stored offline. Any wallet which is accessible from an online or wired system is not, by definition, cold.

 

In addition, it does not appear that BTER set up a multi-signature wallet for the funds. This meant that there was only a single key to get breached.

 

Check Our Framework For Safe Secure Exchange Platforms

Sources And Further Reading

 For questions or enquiries, email info@quadrigainitiative.com.

Get Social

  • email
  • reddit
  • telegram
  • Twitter

© 2021 Quadriga Initiative. Your use of this site/service accepts the Terms of Use and Privacy Policy. This site is not associated with Ernst & Young, Miller Thompson, or the Official Committee of Affected Users. Hosted in Canada by HosterBox.