HOTBIT被HACK, 資金似乎安全, 但資料或被盜

昨日已收到風話HOTBIT被CYBER ATTACK.... 今日剛剛有更多詳情分佈..... 

據報告, 好的方面是似乎沒有資金被盜.

壞的方面是:

1. 個人資料(包括登記電郵地址, 電話)可能遭遇失竊

2. 功擊者無法取錢, 索性將最新用戶資料刪除 (唔同轉玩勒索?) . HOTBIT雖然有備份, 但需時核對資料有無被非法改動. 所以我估有機會未必完全recover到最新改動...

3. HOTBIT需要時間審視數據integrity及overhaul個system, 估計要停2個禮拜左右.

本人在HOTBIT有三四萬港元資產, 全部放在不同投資產品 (唔可以instant withdraw), wallet應該只有數十美元, 基本上長期持有收yield, 無短期操作, 估計應該無損失... 

不過, 如作短炒者就可能因平台暫時關閉而無得趁高沽售, 錯失機會.   

希望大家無受太大影響. 

其實BINANCE最近兩個禮拜都有兩次長時間維護, 唔知係未同cyber attack有關. 同時, DeFi呢個月都有少少個案 (以後有時間再講).  

其實除左靠平台備份, 自己最好都要有備份 

不過好多平台無得download record/statement easily, 唔似APYHARVEST每日有statement去check番條數. 以前仲覺得APYHARVEST太conservative, 佢個internal system同外面完全隔開, statement其實唔係完全automated (唔知係唔係信唔過RPA或IT公司去幫佢去bridge reporting) , 請左D當地大嬸每日去prepare daily statement (所以有時係會眼花有typo)

Hotbit's Announcement on Emergency Maintenance

Dear respected users,

Hotbit just suffered a serious cyber attack starting around 08:00 PM UTC, April 29,2021, which led to the paralyzation of a number of some basic services. Meanwhile, the attackers also tried to hack into Hotbit’s wallets (However, the attempt was identified and stopped by our risk control system).

In this case, Hotbit team has shut down all services for inspection and restoration immediately, and the overall recovery period is expected to be no less than 7 days.

Please note that all your assets are safe and secure, and you can follow us on Twitter,Facebook, and Telegram for Hotbit’s latest recovery progress.

Currently our work consists of the following two sections:

Considering the fact that Hotbit is about to exceed 2 million registered users and has a huge service system architecture of more than 200 servers online, in order to ensure  security, Hotbit team will completely rebuild all servers；

The attacker maliciously deleted the user database after failing to obtain assets. Although the database is routinely backed up , we are still uncertain whether the attacker has poluted data or not before the attack. . Therefore, we also need to conduct a comprehensive inspection of the overall data. Once any anomaly is detected, we will perform an accurate reconstruction to ensure that all user data is accurate.

Therefore, these two sections of work will consume a lot of time. We initially expect that the recovery period will last about 7-14 days. The estimated time of recovery will be more as all things going on, and we will update our latest progress in Hotbit communities as well.

If you have an account on Hotbit, the following are things you should be aware of

The attacker has already gained access to the database, so your registration phone number, email address and asset data might have leaking risk. However, the password and 2FA key are encrypted so theoriotically should be safe. But from the security point of view, if your account and password on another website or app are the same as Hotbit's, it is safer to change the password now;

If you receive an email or private message in the name of Hotbit, you can contact us through official channels (Twitter, Facebook, Telegram) to verify identity before replying;

Leveraged ETF products are not suitable for long-term holding and therefore Hotbit will be fully responsible for all losses suffered by the position-holder during the maintenance period.

Your Open Orders on Hotbit will be canceled when the system is restored to avoid unintended trading losses.

All daily routine income distributions (such as investment products, current products and FIL cloud computing power ) will be paid out after the maintenance is completed .

We must admit that this is the biggest setback of Hotbit since the establishment on January 2018.

Security issues have always been the pain of blockchain industry, which has always been one of the major concerns of Hotbit as well.  In the future, Hotbit team will continue to strengthen security departments. Meanwhile, by cooperating with world's famous third-party Internet security teams, Hotbit will also conduct thorough inspection and investigation on the attack issue and thoroughly upgrade security level of the whole system.