Barter Wallet bot is hacked
Barter Wallet Bot was hacked on April 1st, with the attacker gaining access to the private keys of hot wallets and possibly the Telegram bot’s API key.
As a result of the attack, user funds totaling approximately $21,062 were stolen, including tokens such as USDT, BRTR, DAN, MATIC, BNB. Total losses could have exceeded $62,000 but were minimized.
During a personal investigation of transactions on blockchain explorers like Etherscan, BscScan, Polygonscan, links were established between the hacker’s wallet and a hot wallet on the Binance exchange, identifying the hacker’s personal wallet address on the BNB chain on Binance.
It’s worth noting that over 80% of user funds are primarily stored in separate cold wallets. Funds from hot wallets were saved during the attack, though they too could have been stolen: 3,095,937 BRTR ( $40,390), 90,190 BRUB ( $975), 1528 VLX ( $25) — totaling over $41,000.
A strong request to the hacker to return the stolen funds in full anonymously to the multi-chain address 0x17d3d1da06688bc61592913921414bff09bc570c. Sooner or later, the identity will be revealed, including through reaching out to Binance for assistance in the investigation and determining ownership of the user’s hot wallet.
The Barter Wallet Bot is currently offline for analytical checks, access rights modifications, etc. (details withheld for future security). The service will resume after resolving the issue, which will be done without any doubts.
Previously, other projects reported attacks on Telegram bots. The Telegram bot BONKbot on the Solana network was allegedly hacked, resulting in users losing around $208,000 as reported by CertiK, citing a potential leakage of private keys.
BONKbot initially attributed the issue to their export process but later shifted blame to a “specific application” after community backlash. Some users accused Solareum, another Telegram bot on Solana, which also suffered a hack totaling $310,000.
Representatives of Solareum deny any vulnerabilities and suggest that the exploit may have broader implications affecting other dapps. Due to the situation, Solareum has also announced its closure.
Details of the investigation.
During the investigation of the transactions, the following facts were established:
The hacker’s wallet, where he withdrew funds in all blockchains:
0x62E69E6a93d89a30ef647B6793655787110D4780
Hacker’s wallet on the Binance exchange:
0xa1Ad2258c669f1A5Cff0FEE55ed457F26b26360F
Hot Wallet Barter Wallet Bot in BNB chain:
0x035e9063925bC8e06Ef286f5b502AaD1EBF96148
Transactions were initiated to withdraw funds to the hacker’s wallet:
1. 440,883 DAN (~$2,800)
https://bscscan.com/tx/0x8052a5e3a7bd2576e6596ef11f9d8e5a4f03f0e4932c692d2b2a04c92c397c75
2. 117 USDT (~$117)
https://bscscan.com/tx/0x98948cbd58aa2fdaa2daa7313b443f0fee8087aa8bc34c7507dd278df8c7210e
3. 200 USDT (~$200)
https://bscscan.com/tx/0xdb58cd1beeccbdef2a9add728547bf433c5947b585901c4cb30dd83f73ee38a6
4. 150 USDT (~$150)
https://bscscan.com/tx/0x3b2a26469131dea52f1a7e4ee5f7b92fcc0917e9f7168de2a6a451f0c5d2bcab
5. 10 USDT (~$10)
https://bscscan.com/tx/0x9e3853b59e2bd2f49e2f591c186ccf79844a15981fe322bb3fa7a23e452b6ca5
6. 343 BRTR (~$4)
https://bscscan.com/tx/0xc9e882f8b86a72d1eafc74cf4fe8a8ec2a33af6465da3d810ed475dc1c84be5e
7. 38,761 BRTR (~$433)
https://bscscan.com/tx/0x3ec46f7a999623bccb228dd2bb0ff8febc9a56e5bc756b462109e1e57c8f8d7a
8. 0.08 BNB (~$45)
https://bscscan.com/tx/0xa51c1f298fbe3ff17419b76edd7190a1d9ffd6c55c5bdeaac12204fe9465dee9
Barter Wallet Bot Hot Wallet on the Polygon and Ethereum networks:
0x0000ae6209f8f787ad676b7D4B2440d1d0386522
Transactions were initiated to withdraw funds to the hacker’s wallet:
Ethereum:
1. 1,435,156 BRTR (~$16,055)
https://etherscan.io/tx/0xf01eb53be5089144744e840621be04599e1adef0eb5606b29993bf88013a3725
Polygon:
1. 1.53 MATIC (~$2)
https://polygonscan.com/tx/0xe81e296b2a9f94bb2953441814a2d0b9d987df6c80c4064df54efe18a7b72ce5
2. 1,246 USDT (~$1,246)
https://polygonscan.com/tx/0xddcd563c302671809548c1d02a4520a10928b409e5432572b3006093d8239167
The attacker made an swap on decentralized exchanges:
1. BNB chain:
1.1. Swap 440,883 DAN for 1,634 USDT on PancakeSwap
https://bscscan.com/tx/0x11ebd9f9369d24362cbaf3b902b72451196eb11bf6a9c7313eff41ff642feac1
1.2. Swap 39,104 BRTR for 543 USDT on PancakeSwap
https://bscscan.com/tx/0x40dd59536a6f7dbb5216406d87d847a421be98bf2117cb0056dd9a4bbcec366f
2. Ethereum:
2.1. Swap 435,156 BRTR for 341 USDT on Uniswap
https://etherscan.io/tx/0xd598017f8d7c6c356ee847b0cbcf41e833763bc6cf06ef4c38a287f2cf5e68bc
Rescue Transactions 3,095,937 BRTR (~$40,390), 90,190 BRUB (~$975), 1528 VLX (~$25) — the total value is more than $41,000:
613,667 BRTR
https://etherscan.io/tx/0x3d3be6584c7c8a76585c90b83e8acd87f703e2cefe47d58fed4a3d8a2ad5d121
616,181 BRTR
https://polygonscan.com/tx/0x93de1c055b4c0d532f105855f92b20ae5afb3204200ccbaf77913a0393c69174
1,825,027 BRTR
https://velascan.org/tx/0x1eeca43fa0ebe876fac7e0cdea9e7a4e62533359992c5e854af99832a590c80a
90,190 BRUB
https://velascan.org/tx/0x87db7454fb039866616f683644d9bd862bb75dff775081b994a4a80ad0def078
1,528 VLX
https://velascan.org/tx/0x53dd99015d22e19c6f8cb827b7945327457e75a3c5b825d73cd48e28c1a24276
Transactions to confuse?
Additionally, the hacker executed a single transaction to the address zazhiga.bnb for 14.88 USDT https://bscscan.com/tx/0x61bce8e5ef1978e749df96e847c3f0aa4d067d7cf9fcf62cacc11183475415b1 . The owner of the zazhiga.bnb wallet claims that they were not expecting any transactions from anyone during this time period for any deals or other accruals.
Thus, the hacker attempted to buy time to search for relevant information about their origin and sought to confuse the connections between wallets.
Hacker’s balance:
At the time of writing this publication, the hacker’s wallet holds the following balance: 1,000,000 BRTR ( $10,000) and approximately $3,300 in USDT, BNB, ETH, MATIC.
The hacker also sent a newsletter to all bot users:
What should users do?
First of all, remain calm, as we have already resolved the security issue with the Barter Wallet Bot and will find a way to compensate for the lost funds in full within a month. The main funds are stored in a secure place in cold wallets.
Secondly, we would like to congratulate the liquidity providers on Uniswap who redeemed 435,156 BRTR for 341 USDT or at an average price of $0.00007836 per 1 BRTR. Welcome to https://t.me/barterdao to those who hold more than 100,000 BRTR.
Thirdly, if anyone has tried to influence our reputation in this way, rest assured that we are making every effort to address the most complex situations. The identity of the wrongdoers will eventually be determined and appropriate measures will be taken. We will continue to monitor.
Stay tuned for updates, as the Barter Wallet Bot will be back in operation soon.
-
About:
