Date:: September 7th, 2020
Amount Stolen:: $5,400,000
European (Slovakian) encrypted exchange ETERBASE has been hacked, resulting in the theft of some hot wallets and the loss of more than $5 million in assets. Taken assets include ETH, ERC-20 tokens, TRX, XTZ, BTC, ALGO and XRP.
In September 2020, Lazarus broke into a small Slovakian crypto exchange and stole virtual currency worth some $5.4 million. Several hours later, the hackers opened at least two dozen anonymous accounts on Binance, enabling them to convert the stolen funds and obscure the money trail, correspondence between Slovakia’s national police and Binance reveals. In as little as nine minutes, using only encrypted email addresses as identification, the Lazarus hackers created Binance accounts and traded crypto stolen from Eterbase
European (Slovakian) encrypted exchange ETERBASE has been hacked, resulting in the theft of some hot wallets and the loss of more than $5 million in assets. Taken assets include ETH, ERC-20 tokens, TRX, XTZ, BTC, ALGO and XRP. Lazarus Group was responsible for this heist
Eterbase, the Bratislava-based exchange hacked by the North Koreans, sought Binance’s help, too.
After news of the hack by Lazarus, Zhao tweeted on September 9th, 2020: “Will do what we can to assist.” But when Eterbase emailed Binance’s support centre, a Binance team member said they could not share any account data without a law enforcement request, according to communications between the two firms seen by Reuters.
Eterbase submitted a criminal complaint to Slovakia’s National Crime Agency. In June, 2021, the agency wrote to Binance requesting information and saying the funds were stolen by “anonymous attackers united under the Lazarus hacking group.” Binance replied that it could not identify accounts connected to the hack. In July, after another, more detailed police request, Binance sent the agency records on 24 accounts, adding they had been empty for over nine months as “the assets have instantly been traded.”
Hillmann said Binance fully cooperated with requests received from Slovakian authorities and helped them to identify the relevant accounts.
The records, reviewed by Reuters, showed the only personal information Binance held on the account holders was their email addresses, many of which were based on misspelt well-known names, such as “bejaminfranklin,” the American founding father, and “garathbale,” the Welsh soccer player. The hackers used virtual private networks to obscure their devices’ locations, the records show.
Within around 20 minutes of opening most of the accounts, the hackers passed an unspecified “security check” allowing them to withdraw crypto, according to the account records. Each account then converted portions of the stolen funds into just under two bitcoin, the withdrawal limit at the time for a basic account without identification.
After the hack, Eterbase stopped its operations and later filed for bankruptcy. Auxt, the company co-founder, said the losses meant Eterbase could no longer cover its expenses. “The hack killed our business,” he said. Victims of the hack are yet to be reimbursed.