$1 650 000 USD

AUGUST 2014

CHINA

BTER

DESCRIPTION OF EVENTS

"Bter is a Chinese Blockchain Assets Trading Platform established in 2012 by Jinan Manwei Information Technology co., Ltd." "BTER is another of the hybrid fiat to crypto and crypto to crypto exchanges." "The objective of the exchange is to provide safe, efficient and honest services of cryptocurrency trading. BTER is another of the hybrid fiat to crypto and crypto to crypto exchanges. Although they had a rocky start to 2015 with a severe security breach, they have gradually reopened markets and have dealt with the situation in a professional manner."

 

"Bter is one of the few exchanges working also with fiat money, in this case it is us dollars and Chinese yuan. Trading on the exchange is carried out in 100 cryptocurrencies. This platform is protected by SSL certificate, Web application Firewall, manual confirmation of withdrawal, as well as two-stage authentication with one-time passwords Google. Most of the funds in the system are stored in cold wallets."

 

“BTER is reporting that 50m NXT, or roughly $1.65m at press time, has been stolen from its exchange following an attack on one of its hosting servers. A developer representing the China-based digital currency exchange platform confirmed the news on the community information website NXT Forum, suggesting that the BTER team was considering urging the NXT community to roll back the NXT block chain to recover the lost funds.”

 

"Someone hacked Bter's NXT central account and stole 50m NXT. We are working with the dev for a plan. We will keep you updated."

 

"This is by far the largest hack that has ever happened in NXT’s history. Although it was entirely down to BTER’s lack of security, NXT as an economic system has started bleeding. Indeed, the hack concerns over 5% of the total money supply."

 

"[D]evelopers created an alternative version of the NXT client so people could choose to forge on the rollback fork if they wished. Some downloaded it and started forging. But the big NXT holders, some of whom had had a lot of NXT on BTER, decided not to forge on that fork, believing that protecting the NXT blockchain was more important than trying to recover funds in a way that would kill NXT value in the mid and long term. The Proof of Stake system worked like a census democracy: those who had the most to lose had more power to decide and the NXT blockchain was protected – at the cost of 51 million NXT."

 

"It's totally our fault and we are trying our best to cover all the loss. However, 50m nxt is huge for us, we cannot afford it at the moment."

 

"The BTER representative suggested that the exchange is exploring all options, including contacting the NXT development team in an effort to rollback the block chain, thereby restoring the ledger to its state before the theft occurred." "BTER briefly considered retrieving the stolen funds by rolling back the NXT blockchain, but the exchange eventually decided against pursuing that course of action, since they were able to obtain “lots of information” on the hacker."

 

"We have decided not to rollback but get the stolen funds back from the hacker since we have got lots of information of him."

 

"According to CoinDesk, the exchange was eventually able to negotiate a partial return of the stolen funds." "The hacker sent a ransom message through the Blockchain, demanding bitcoins in exchange for the stolen nxt. BTER negotiated and sent 10 BTC in exchange for five million nxt. The hacker then became impatient- and hostile."

 

“So, what taking so long? Send me the next batch already. I’m going to leave soon. It’s already 2 hours of negotiation, it took me 1 hour to clean your whole exchanger. BTC 500+ I’m not going to sit here, and wait 2 more hours for you to decide to send the lousy 10 BTC.”

 

"BTER sent another 100 BTC for the remaining Nxt but received nothing in return as the hacker went silent. 3 options were on the table: offer more BTC to the hacker, a 310 BTC bounty for hunting him down, or implement a fork/rollback." "Several hours ago, there were reports of more nxt being returned to BTER."

 

"The convoluted series of events, including the hacker’s willingness to negotiate after the decision not to fork, have led some to speculate that it was an inside job."

The BTER trading platform held 5% of the NXT tokens in existence online on their managed server environment, without using a multi-sig wallet. A hacker managed to break into the platform and steal the funds.

 

The first thing which BTER attempted was to negotiate a chain split. However, the majority of NXT nodes opposed the split and it did not proceed.

 

The next thing which BTER attempted was to negotiate with the hacker. This was successful, with the hacker returning most funds, in exchange for a smaller amount of bitcoin. This type of trade works well because the hacker has a lot of difficulty selling stolen NXT tokens, while bitcoin is much more liquid.

 

Ultimately the BTER platform continued to operate, and it appears they honoured the losses of affected users.

HOW COULD THIS HAVE BEEN PREVENTED?

The BTER platform stored funds on a managed server, which was connected to the internet. This qualifies as a hot wallet. In addition, no multi-sig was set up, so a single point of failure existed. This hack could have been avoided through setting up a multi-signature wallet which was stored offline. By multi-sig, this means that independent people hold the keys. By offline, this means that the private keys are not stored on any server or other internet-connected device.

 

Check Our Framework For Safe Secure Exchange Platforms

Sources And Further Reading

 For questions or enquiries, email info@quadrigainitiative.com.

Get Social

  • email
  • reddit
  • telegram
  • Twitter

© 2021 Quadriga Initiative. Your use of this site/service accepts the Terms of Use and Privacy Policy. This site is not associated with Ernst & Young, Miller Thompson, or the Official Committee of Affected Users. Hosted in Canada by HosterBox.