BtcTurk, one of Turkey’s largest cryptocurrency exchanges, faced a major cyberattack on June 22, 2024. In response, the exchange halted all cryptocurrency deposits and withdrawals to mitigate the impact of the attack.
According to the official statement, the hack specifically targeted hot wallets holding 10 different cryptocurrencies. However, the cold wallets, where the majority of the assets are stored, remain secure.
BtcTurk assured its users that its financial strength is far greater than the amount impacted by the attack. Therefore, users’ assets will not be affected by the losses incurred. The team is conducting a thorough investigation into the incident and has also reached out to official authorities for assistance.
As a precautionary measure, BtcTurk has temporarily suspended cryptocurrency deposits and withdrawals. Users are advised to check the status of transactions through the platform’s status page.
BtcTurk hack crashes AVAX
The attack on BtcTurk had immediate ripple effects in the cryptocurrency market. Notably, the price of AVAX, a popular cryptocurrency, plummeted by 10% following the incident. On-chain detective ZachXBT linked this sharp decline to the BtcTurk breach.
Zach traced suspicious activity to a specific address, which moved 1.96 million AVAX (worth approximately $54.2 million) and transferred the funds to Coinbase and THORChain. Further analysis revealed that this entity withdrew over $46 million in Bitcoin from Coinbase and Binance after depositing the AVAX.
The movements included a huge transfer of 587.75 BTC (around $38.1 million) from Coinbase to a specific Bitcoin address and an additional 122.66 BTC (about $7.95 million) from Binance to another address.
The large-scale withdrawal of funds raised questions in the crypto community about the security measures in place at major exchanges.
One user on Twitter questioned how millions could be deposited into compliant exchanges, swapped for BTC, and then withdrawn so quickly, especially given the withdrawal limits for verified customers on platforms like Coinbase.
In response, Zach highlighted the limitations of KYC (Know Your Customer) and compliance procedures. He pointed out that these measures often prove ineffective against actual threats, regardless of whether the exchange is regulated or offshore. The actual problem lies not with the exchanges but with the regulatory frameworks that fail to address real security issues.
The harsh reality about KYC and compliance in general is that it’s quite ineffective for any actual threats. Does not matter whether it’s regulated or offshore exchanges.
ZachXBT
The sleuth emphasized that the difference between exchanges lies in their response to ongoing threats and their willingness to adapt based on feedback. Some regulated exchanges are out of touch with the practical challenges of cybersecurity.
For instance, Coinbase, despite being highly regulated, failed to freeze funds deposited from a hack due to vague internal policies. In contrast, Binance, often criticized by the media, has a security team that actively assists victims and responds to incidents effectively. The exchange has announced that it is helping BtcTurk investigate the cyberattack. They have already frozen $5.3 million from the stolen assets.
CEO Richard Teng said, “Our investigations & security teams work around the clock as part of our proactive efforts to protect the ecosystem from bad actors. We will provide further updates as relevant.”
–
Note: This article was updated to include Binance’s announcement.
Jai Hamid
