The cryptocurrency trading platform Hotbit was recently forced to shut down following a cyberattack that targeted its wallets.

A popular cryptocurrency exchange, Hotbit has earned a reputation for being among the more secure platforms for trading. Its registered customer base is currently spread across 210 different countries, with around a quarter of its two million users accessing services via the online exchange’s application for Android.

Users informed of Hotbit hack

Following the temporary cessation of its services, Hotbit made a statement regarding the incident, assuring its registered users that their financial assets were both secure and safe. The exchange commented:

“Hotbit just suffered a serious cyberattack starting around 08:00 PM UTC, April 29, 2021, which led to the paralysation of a number of some basic services. Meanwhile, the attackers also tried to hack into Hotbit’s wallets (However, the attempt was identified and stopped by our risk control system).”

Although the threat operators behind the assault were not able to obtain access to any of the cryptocurrency assets retained in wallets on the exchange, they did manage to delete Hotbit’s dedicated database.

The exchange is now also investigating any indication that information has been tampered with, to assess whether the hackers have been able to pollute any of Hotbit’s regular data backups. This is a key stage that must be completed before it can restore its services and company servers.

Cryptocurrency customers who use the exchange were informed that the full investigation and subsequent recovery process would likely take somewhere between 7 and 14 days. This timeframe was based on how many hours would be required to analyse all backed-up data prior to the initiation of the system’s restoration procedure.

Customers warned of potential risks

Hotbit also informed its users that the hackers acquired access to some customer information recorded in its database in plain text before deletion. This personally identifiable information included email addresses, phone numbers and financial data retained on customers’ assets.

Trading platform users were advised by the exchange to be on their guard against phishing attacks where hackers might be impersonating Hotbit. It recommended that customers contact the exchange if they received any suspicious correspondence, to authenticate any unusual requests.

While the users’ passwords and two-factor authentication keys were all retained in an encrypted format, Hotbit warned customers to alter their passwords for other online accounts or services where they used duplicate credentials.

Attacks like the cyber strike on the Hotbit cryptocurrency exchange are an ideal example of why using the same passwords for multiple logins presents a serious security risk. If a system is hacked and user credentials are captured by attackers, threat operators can use the same passwords and usernames to access a wealth of different customer accounts, and quickly exploit any unguarded information or finances. This means debts can be run up, ruining credit records, and personal and private data can be stolen and exploited, or sold on to other cybercriminals for use in their campaigns.