Dear respected users,
Hotbit just suffered a serious cyber attack starting around 08:00 PM UTC, April 29, 2021, which led to the paralysis of a number of basic services. Meanwhile, the attackers also tried to hack into Hotbit’s wallets (however, the attempt was identified and stopped by our risk control system).
In this case, Hotbit team has shut down all services for inspection and restoration immediately, and the overall recovery period is expected to be no less than 7 days.
Please note that all your assets are safe and secure, and you can follow us on Twitter, Facebook, and Telegram for Hotbit’s latest recovery progress.
Currently our work consists of the following two sections:
- Considering the fact that Hotbit is about to exceed 2 million registered users and has a huge service system architecture of more than 200 servers online, in order to ensure security, Hotbit team will completely rebuild all servers;
- The attacker maliciously deleted the user database after failing to obtain assets. Although the database is routinely backed up, we are still uncertain whether the attacker has polluted data or not before the attack. Therefore, we also need to conduct a comprehensive inspection of the overall data. Once any anomaly is detected, we will perform an accurate reconstruction to ensure that all user data is accurate.
Therefore, these two sections of work will consume a lot of time. We initially expect that the recovery period will last about 7-14 days. The estimated time of recovery will be more as all things going on, and we will update our latest progress in Hotbit communities as well.
The daily progress of our restoration process is listed below (the progress will be updated continuously on a daily basis until the site is fully recovered):
May 9th, 2021
- 02:30 AM UTC More than 95% of the environment has been built, and the final performance optimization and security testing are carried out continuously to repair the inconsistency problems found in data verification. We will announce the relatively accurate external recovery steps of the platform in 12 hours.
May 8th, 2021 All processes are as follows
- Apart from modules of investment functions, we have almost finished the deployment of other modules. Currently, we’re still conducting manual verifications on certain suspicious problems reflected by the results of data verification processes within these days. Besides that, based on certain results of testing, we’re also in the process of some minor updates on trading servers. It is expected that we will provide our users with comparatively accurate processes and schedules regarding the relaunch of our platform and services tomorrow.
May 7th, 2021
- 02:00 PM UTC The testing of the API is in progress. Third-party security team started to conduct security evaluation testing.
- 07:30 AM UTC Almost finished the verification of data. Started the testing of the API functions between trading servers and market makers.
- 01:30 AM UTC Finished the recovery and restoration of data in investment modules, started the verifying of data.
May 6th, 2021
- 02:30 PM UTC Testing and debugging of trading servers in progress.
- 08:00 AM UTC We are still recovering the data of investment modules. (The incomes due and payable during our recovery and restoration period will be paid to all relevant users’ accounts after our platform is fully recovered.) Meanwhile, testing and debugging of trading servers is in progress.
- 02:30 AM UTC The recovery processes regarding the data of user registration, deposits and withdrawals and orders are nearly finished. Currently, we are also recovering the data of investment modules.
May 5th, 2021
- 01:30 PM UTC Starting to configure deposit and withdrawal servers. Testing of trading services in progress. (Just as we have mentioned in our initial announcement, the recovery process involves the recovery of both servers and data. The accurate and precise recovery can only be realized after finishing the recovery of both servers and data. Hence, even if the trading, deposit and withdrawal servers are recovered, we are still unable to launch the deposit, withdrawal and trading services immediately).
- 07:30 AM UTC The work of data reconstruction and recovery from the historical backup point to the time of attack is still in progress.
- 02:30 AM UTC Finished the recovery of historical backup data, starting to conduct the reconstruction and recovery process of all data generated between backup point and the time point that the hacking attack occurred. (The backup processes are conducted once in a certain period of time, normally on a daily basis. We are now recovering the data starting from our most recent backup. Considering the huge volume of data on our platform, we normally conduct the backup process more frequently than once every day).
May 4th, 2021
- 01:40 PM UTC Starting to conduct various tests on the trading server.
- 07:30 AM UTC Finished 50% of database import.
- 02:30 AM UTC Finished the deployment of all servers, conducting encryption on configuration parameters.
May 3rd, 2021
- 01:00 PM UTC Install and set the database service, start to verify the data and to recover the deleted data.
- 07:30 AM UTC Install various security patches and configure security
- 02:00 AM UTC Approximately 90% of server basic system restoration is finished.
May 2nd, 2021
- 01:00 PM UTC The security assessment is passed, Hotbit has started to migrate the transaction server database.
- 10:00 AM UTC Hotbit's internal security team is conducting security audit together with the external security team to evaluate the security level of the whole process. If the security level assessment is passed, the migration of the transaction server database will start.
- 03:00 AM UTC The restoration and deployment of system environment are still in progress, with approximately 40% of restoration finished.
May 1st, 2021
- Complete the plan of the new architecture, with approximately 200 servers in the process of reinstallation of system environment.
April 30th, 2021
- Reformulate the deployment process of environment system and establishment plan of secure environment, transfer assets from hot wallets to cold wallets.
If you have an account on Hotbit, the following are things you should be aware of:
- The attacker has already gained access to the database, so your registration phone number, email address and asset data might be at risk of leaking. However, the password and 2FA key are encrypted, so theoretically they should be safe. But from the security point of view, if your account and password on another website or app are the same as Hotbit's, it is safer to change the password now;
- If you receive an email or private message in the name of Hotbit, you can contact us through official channels (Twitter, Facebook, Telegram) to verify identity before replying;
- Leveraged ETF products are not suitable for long-term holding and therefore Hotbit will be fully responsible for all losses suffered by the position-holder during the maintenance period.
- Your Open Orders on Hotbit will be canceled when the system is restored to avoid unintended trading losses.
- All daily routine income distributions (such as investment products, current products and FIL cloud computing power) will be paid out after the maintenance is completed.
We must admit that this is the biggest setback of Hotbit since its establishment in January 2018.
Security issues have always been the pain of blockchain industry, which has always been one of the major concerns of Hotbit as well. In the future, Hotbit team will continue to strengthen security departments. Meanwhile, by cooperating with world's famous third-party Internet security teams, Hotbit will also conduct thorough inspection and investigation on the attack issue and thoroughly upgrade security level of the whole system.
Please continue to follow our official media links for our latest information:
Telegram (Discuss channel): https://t.me/Hotbit_English
Telegram (Announcement channel): https://t.me/Hotbit_announcements