In one of the most significant exchange breaches of 2020, Slovakia-based cryptocurrency exchange Eterbase confirmed on September 8, 2020, that its hot wallets had been compromised, resulting in the theft of approximately $5.4 million worth of digital assets. The incident sent ripples through the European crypto community and reignited concerns about exchange security practices.
TL;DR
- Eterbase, a European crypto exchange headquartered in Slovakia, suffered a hot wallet breach on the night of September 7, 2020
- Six hot wallets were compromised across multiple blockchains including Bitcoin, Ethereum, XRP, Tron, Tezos, and Algorand
- Approximately $5.4 million in cryptocurrency was stolen
- The exchange immediately halted deposits and withdrawals while investigating the attack
- The hack highlighted persistent vulnerabilities in single-signature hot wallet architectures
The Attack: What Happened
Eterbase first disclosed the breach through its official Telegram channel and Twitter account on Tuesday, September 8, 2020. According to the exchange’s statement, attackers gained access to six of its cryptocurrency hot wallets during the night of September 7. The compromised wallets contained Bitcoin (BTC), Ethereum (ETH) and ERC-20 tokens, XRP, Tron (TRX), Tezos (XTZ), and Algorand (ALGO).
Blockchain analysis later revealed that the hackers transferred approximately 11.45 BTC and 387.4 ETH from Eterbase hot wallets to addresses under their control. The total losses were estimated at roughly $5.4 million, with the majority — around $4 million — in Ethereum and various ERC-20 tokens. Additional losses included approximately $500,000 in Tezos, over $100,000 in Bitcoin, and roughly $45,000 in Tron.
How the Hackers Operated
Security researchers from Merkle Science traced the movement of stolen funds and uncovered a sophisticated laundering operation. After consolidating the stolen cryptocurrency, the hackers employed a technique known as “chain peeling” — breaking larger amounts into smaller transactions before distributing them across multiple cryptocurrency exchanges for liquidation.
Notably, the attackers appeared to have pre-existing accounts on major exchanges, suggesting a level of operational planning beyond a typical opportunistic attack. They consolidated both stolen and previously held funds into single clusters before redistributing them, making forensic tracking more challenging.
Security Vulnerabilities Exposed
The Eterbase hack underscored a recurring theme in cryptocurrency exchange security: the dangers of single-signature hot wallets. Unlike multi-signature wallets that require multiple authorizations before funds can be moved, Eterbase’s hot wallets stored private keys in internet-connected databases with no additional approval layers.
This meant that once attackers gained access to the server infrastructure — likely through compromising the database where private keys were stored — they could sign and execute withdrawal transactions without any further barriers. Security experts noted that multi-signature protection, while not foolproof, would have significantly raised the difficulty and detection probability of such an attack.
Eterbase’s Response
Following the breach, Eterbase immediately suspended all deposit and withdrawal services and placed the exchange into maintenance mode. In a message to users, the platform assured clients that it was taking all necessary steps to protect remaining funds and investigate the incident. The exchange also stated it was cooperating with law enforcement authorities to identify the perpetrators.
Some stolen funds were later recovered through cooperation with other exchanges. ChangeNOW, a cryptocurrency exchange service, reportedly returned approximately $1 million in stolen assets after being alerted to the hack.
Why This Matters
The Eterbase hack was the second significant exchange breach targeting a European platform in 2020, following the Altsbit incident in February. Together, these attacks highlighted that even as the crypto industry matured, fundamental security practices — particularly around hot wallet management — remained inconsistent across exchanges.
For users, the incident served as a stark reminder of the risks inherent in leaving significant funds on centralized exchanges. The crypto community has long advocated for self-custody through hardware wallets, and events like the Eterbase hack reinforced that guidance. With Bitcoin trading around $10,131 and Ethereum at $337 at the time of the attack, the $5.4 million loss represented a meaningful but not catastrophic sum — yet it demonstrated how quickly a single security lapse could result in substantial losses.
Disclaimer: This article is for informational purposes only and does not constitute financial advice. Always conduct your own research before making any investment decisions.
another hot wallet hack, another exchange saying we have enough capital to cover losses. heard that one before
six hot wallets across six chains with no multisig in 2020. $5.4M is actually low given how exposed that setup was
hot_wallet_shame 6 chains with single sig hot wallets was standard practice in 2020. $5.4M sounds like a lot but it could have been way worse
Eterbase was small enough that $5.4M felt manageable. same setup at BitMart 14 months later and they lost $196M
cold_vault_ 5.4M was low because they were a small exchange. the same setup at a top 20 exchange would have been hundreds of millions
single-signature hot wallets holding millions in 2020 is just asking for trouble. multisig was already standard elsewhere
multisig was available but the UX was terrible back then. exchanges chose convenience over security and paid the price every time
Aleks K. multisig UX was terrible and the tooling barely existed. hardware wallet support for multi chain was basically nonexistent in 2020
Emil exactly. we tried setting up multisig for our project in 2020 and the tooling was a nightmare. Gnosis Safe was the only real option and it barely supported anything beyond ETH
multisig_first single sig hot wallets holding millions in 2020 was the industry standard and it kept happening anyway. Eterbase was small but BitMart and Coincheck were the same story
holding XTZ and ALGO in a single sig hot wallet in 2020. those chains barely had any liquidity and they still got drained. worst risk management award
eterbase was the first EU exchange trying to do MiCA-style compliance before MiCA existed. they did the regulatory work and still got hacked because security was an afterthought
6 hot wallets across 6 different chains, all single signature. one compromised key drained everything. the lack of basic operational security is wild
6 hot wallets across BTC ETH XRP TRON XTZ ALGO all single sig. one key compromise and everything is gone. how was this acceptable in 2020