Recently, the cryptocurrency exchange BTCTurk released an announcement confirming a hacker attack, with over $48 million flowing abnormally out of multiple hot wallets. The Beosin security team analyzed and traced the funds and shares the following results:
The hot wallet addresses identified so far with fund transfers are:
0xde2faca4bbc0aca08ff04d387c39b6f6325bf82a
0x2cea0297bfb1b55ff37126b677d78e2b1fd2e856
0xb5a46bc8b76fd2825aeb43db9c9e89e89158ecde
The transfers involve chains such as Bitcoin, ETH, AVAX, ARB, BASE, OP, and Polygon.
The hacker intermediate addresses detected so far are:
0xa041feb3a8297c5689fee180083164a061a17fd6
0xb4b537626e21df5386cf167d1e654b38785056cc
0x7d91d1ebeba91257733a523409125aedac5d8b6e
Hacker settlement addresses are:
0x0fe41fe8786329fb6bd8f2baa73aa55e770f0951
0x95ab53305bc71d0e6e2d68f2e62690599cbc87fc
0xddfa0884f32d0d210597a996060fbdb5b068b0ea
bc1q3xgyvmfk6mw6zvhjklsw7v8wl2dk0xtm35ulut
Tracking the stolen funds with the Beosin Trace tool yields the following fund flow charts for the EVM chains and the Bitcoin chain:
Beosin Trace EVM Chain Fund Analysis Chart
Beosin Trace Bitcoin Chain Fund Analysis Chart
The cause of the BTCTurk hot wallet attack has not yet been disclosed. Multiple aspects need investigation, including the exchange's internal operational security, signature device security, seed phrase management, and signature environment security. Similar exchange security incidents have occurred previously.
Exchange security remains a significant challenge in the Web3 ecosystem, requiring continuous effort and collaboration from exchanges, security companies, and regulatory and law enforcement agencies. Beosin Trace has added the hacker addresses from this incident to its blacklist and will continue tracking.