HitBTC is the most technologically advanced digital asset spot trading platform operating since 2013. We focus on security of the custody and the platform. That’s why we never got hacked. Rumors and unfounded allegations are mostly spread by non‑professionals or being paid for. Our custody has never lost user assets. There are no irregularities in platform’s performance or balance sheet. We are improving our Public Communication approach.
Dear Existing Traders, Future Traders, Cryptomedia who know what they are writing about, those who don’t, those who write for money, and those genuinely enjoying the show, we would like to state our position in a clear way with respect to recent write-ups attempting to portray HitBTC in an unfavorable light. We’d like to address some of these issues and provide context into why they happened and what we are doing to develop our product and the way we communicate.
Let’s start with some background:
HitBTC has been in the cryptocurrency market since 2013. We were among the first and one of the most technologically advanced exchanges. When the early crypto enthusiasts built their first matching in Python or JS, we offered our traders a robust high-throughput C++ matching engine.
We are always ready to admit our weaknesses. While focusing on technological and security parts of the product, we have somewhat neglected the Public Communication and PR. We can see that this might have been our major omission. When faced with a trade-off between focusing our company on security of user assets or PR efforts, we have always opted for the former. A day will come when we will achieve both goals.
3.1. The market for digital assets experienced staggering growth during the winter of 2017–2018 which caused explosive growth in the number of our customers. Our technology performed well with this demand showing its superior capability. However, due to the overwhelming demand for our services we encountered major bottlenecks at an operational level. Our Customer Care and Compliance departments were frequently unable to deliver timely responses to clients’ applications and enquiries and a significant number of these cases became public. Substantial investments were made in the aforementioned departments and the issues were solved in successive months. Unfortunately, however, the negative impact to our public perception had already taken place.
3.2. We would like to emphasize that our technology was built by following procedures rooted in the mature financial industry. To ensure the robustness of mission-critical systems, our philosophy dictates that every issue (whether it is daemon lag, lack of 2-step transaction in ADA currency, detection of a transaction stuck in the bitcoin mempool for more than 48 hours due to a low transaction fee, ethereum smart contract vulnerability, etc.) is handled manually and is thoroughly documented. This assures established procedures and workarounds to be in place should the same issue recur. Over the years our dedication to established financial industry practices has guarded us against losses. This a priori more time intensive approach by today has delivered an extremely resilient system, supporting the largest number of assets in the industry without the risks which many platforms may not be able to anticipate.
3.3. Since the beginning of 2018, we have been able to bring the average support response time down to below the 12 hours mark. At the same time, we were the first to create the System Monitor – a tool made available to everyone, and specifically designed to track platform’s performance and status of initiated, pending and completed transactions as well as deposit, withdrawal and trading components status across over 500 assets.
The constant striving for perfection has been our core value and the only way we wish to increase our market share. Apparently, not all market participants share this value. As a result, besides real cases, which inevitably seem to surface on social media with projects of our scale, we sometimes stumble upon anonymous “cases” and other general allegations lacking substance. We let them slide more often than not since we have always been focused on addressing real cases and foregoing the opportunity of entering into fruitless disputes on the anonymous Internet space.
To summarize, the combination of technological advancement and self-imposed communication isolation has repeatedly made HitBTC a target for various provocative statements, both genuine and motivated otherwise.
The following recent articles are a vivid illustration of unfounded claims that were casted against HitBTC:
4.1. “HitBTC failed Proof-Of-Keys” saga, January, 2019
CCN article: “Bitcoin Exchange HitBTC Freezes Customers’ Accounts ahead of Proof of Keys Event”
A widely quoted article, in its entirety, is based on only 2 AML cases. One of them was initiated as part of the investigation into the December, 2018 BTCP security breach, at the request of the coin’s core team. Unfortunately, there is no clear indication of the nature of the second case that can be discerned from the article.
The author of the article failed to track the deposit/withdrawal dynamics that did not uncover any irregularities. A simple block explorer or our public System Monitor would suffice for these purposes.
4.2. “HitBTC insolvency: by @ProofofResearch” saga, May, 2019
BitcoinExchangeGuide article: “HitBTC Appears Insolvent [Blockchain Analysis]”
This article’s case claiming delayed withdrawals is based on 3 AML cases and social media gossip. All quoted AML cases were resolved within 3, 12 and 33 days respectively.
Obviously, a subset of hot wallets’ balances are not representative of exchange’s total assets. This makes the statement in the article look like someone has been motivated to openly harm our reputation.
Since we have touched upon the topic of KYC/AML, let us expand upon it. Against the will of crypto anarchists and early crypto adopters, the crypto market is progressively becoming more like a regular financial market. That makes it the subject to practices common to legacy financial institutions. Among these practices are design and enforcement of prudent AML/KYC policies and procedures.
5.1. Protection of market participants
To provide some background: One of the main outcomes from The Great Depression was the establishment of a regulatory framework to protect the general public. As a result, markets became more transparent and protective for its participants which entirely corresponds with our values. The cryptocurrency space will go through a similar process. We foresaw the trend of regulation as an essential factor enabling its mass adoption. We have been setting up an institutional grade infrastructure (KYC/KYT/Market Surveillance/AML and other systems) to protect future mass market participants by following best practice from established financial markets.
5.2. Elimination of bad actors
We respect and understand the inevitable trend of increasing regulation. In our capacity as the largest spot crypto market, we are making extreme efforts to shield our users from bad actors. This coincides with our philosophy and we consider it to be the only way for the mass adoption of crypto to take hold. That is why we have been constantly evolving our processes, and have developed our AIA Policy, structured around AML/KYC procedures that have allowed us to become one of the “cleanest” exchanges in crypto. Years ago our AML team were happy to uncover posts on darknet websites advising to “never use hitbtc”.
Our stance has exposed us to allegations related to or in some way implying “inappropriate suspensions or significant withdrawal delays”. In fact, these allegations always fall in one of the following categories:
6.1. AML cases that indicate suspicious activity on a user account and require a manual check. A Security Officer reaches out to the user and requests the necessary documents – a delay from either side during communication might prolong the verification process.
6.2. Bad actors using fake documents or counterfeit materials for verification purposes. Rarely, it happens that a person on the other side of a confirmation video call (which is a part of our extended AML procedure), shows no signs of affiliation with the account.
6.3. Deposits to the wrong address. If a user accidentally deposits digital assets to the wrong address on HitBTC, we can usually rectify the situation. For example, if a user sends BTC to a USDT address – this is a reversible mistake. Our technical and financial specialists can recover it manually if it’s eligible for retrieval. Naturally, it takes time.
6.4. Victims of phishing. Even though we are always on the lookout for sites mimicking our interface for malicious purposes and initiate their shut down, some of them might escape our attention. We do our best to increase the level of protection of customer accounts. In recent years we have implemented a number of additional security features, such as: (supposedly first-in-the-industry) 2FA confirmations, whitelisted addresses for withdrawals and advanced market surveillance systems.
6.5. Rare cases of account suspension due to a law enforcement request in which we are directly prohibited from informing the user in question about the matter.
6.6. Law enforcement requires us to freeze assets without direct prohibition from informing the user in question. One of the recent public cases.
6.7. A third party request claiming their funds are involved in fraudulent activity – user in question’s account is frozen if we have reasonable arguments to back up the claims and we’re obliged to ask a third party to get law enforcement involved.
6.8. Loss of access to 2FA device requires an extended verification process which should take time due to the security policies that aim to protect users that didn’t lose their 2FA keys, but might have someone pretending to be them.
6.9. A separate category of cases that cause deposit/withdrawal delays on a subset of assets have to do with comprehensive custodial security infrastructure and technical issues of daemons (please refer to 3.2 above). They are an artifact of a large system – given the nature and quantity of assets we support, at any point in time, there are some of them that are down for maintenance. We have custodial SLAs that we are constantly improving, and we are confident that they are at the optimal level of security vs performance within the entire industry. We share necessary statistics transparently in our System Monitor.
We would also like to communicate our position with respect to assets being integrated into and occasionally removed from our platform as this has also caught its share of public attention.
We are honored to work with a diverse range of blockchains and tokens. Given the fact that the crypto industry was in it’s very early days, some lapses of judgement in assessing our integration partners have occurred despite our best efforts to prevent this. Sometimes, it was that we did not possess a complete understanding of the integration partner’s business; sometimes it was the change of the integrated project’s course over time. As a result, the decision to remove a project from our platform occasionally had to be made. In these circumstances, we inevitably face a tough choice – whether to announce it beforehand, adversely influencing the asset’s price, or carry out the process instantaneously. We considered the second option to be less harmful. Withdrawals for the currency or token that was removed always stay open even after the removal takes place except for cases when the technical team is aware of issues. The vast majority of removal decisions fall into one of the following categories:
7.1. Hacks, security breaches, and critical contract bugs solely on the side of the token or coin issuer. For example:
On March 26, 2019 04:19 UTC MXM had reached out to HitBTC reporting a “critical vulnerability” in their smart contract. We immediately suspended the withdrawals and deposits.
On March 28 the team reached out to us again asking to list a fork of their token that had been distributed using a snapshot made on March 25, 19:00 UTC”, 9 hours before we were notified.
The resolution proposed by the core team:
During the audit, our financial department identified a mismatch between the new tokens received and the quantity required for a one to one conversion for our customers.
Having reached no consensus with the core team, we decided to remove MXM from the platform.
We reversed the transaction of the insufficient amount of tokens transferred to us back to the MXM team.
After negotiations, the MXM team solely took responsibility to convert old tokens for our customers. We carefully monitored this process.
June 20, 2018, a security breach was exploited in the MORPH smart contract by malicious actors, that allows anybody to issue an unlimited number of tokens.
June 21, 2018 at 20:06 UTC the MORPH team contacts our sales department with requests to “pause listing”, and “pause trading”, and to be prepared to swap the smart contract with the reason “issues with our smart contract”.
June 22, 2018 at 10:29 UTC. Following established procedures, our sales department initiated negotiations to support the new smart contact as defined by our standard procedure for any regular business activity involving the resources of our tech team.
Independently on June 22, 2018 at 20:46 UTC our AML and security departments’ alarms were set off indicating malicious activity related to MORPH’s smart contract.
Transfers from custodial to trading accounts were suspended immediately to prevent fraudulently issued tokens entering our liquidity pool.
A financial control check found that 19,842,265 compromised MORPH tokens had entered our liquidity pool. We contacted the MORPH team and had provided detailed blockchain transaction data, analytics from our security department and data gathered regarding the malicious activity. We want to stress that during future communication we did not disclose irrelevant data that the MORPH team was requesting.
The MORPH team refused to provide the requested 19,842,265 new MRPH tokens in order to carry out the contract swap procedure with a 1 to 1 rate.
The MORPH team’s values not to admit own mistakes did not align with ours and we made a decision to cease our relationship with them.
Following this case, we thoroughly examined and revised our internal smart contract audit processes and KYC procedures for potential partners.
7.1.3. The BNT Case, an example of a core team acting in good faith when resolving their security breach.
Bancor experienced a security breach leading to a part of their funds being compromised on July 9, 2018.
On 9 July, 2018, the BNT core team moved a part of funds from our custody accounts without our consent*. This action immediately set off our financial control alarm and we closed all deposits and withdrawals of the BNT token.
*We realize that the vast majority of tokens are controlled centrally by their respective core teams, and we understand the importance of constructive communication with them.
After discussion with the core team we have reached mutual understanding. Bancor returned the funds retrieved from our custody on July 12, 2018.
7.2. Although we have been constantly improving our internal processes, in the past, a few cases of insufficient review did occur. Here are the most notable of them:
We made an announcement regarding XMV integration on May 3, 2018.
Resources of technical team were engaged and severe technical problems in XMV daemon and network were discovered.
In parallel a Due Diligence process was conducted. MoneroV failed to provide the set of required documentation.
We rejected XMV integration in early November, 2018.
As mentioned above, in December 2017, our back office was overwhelmed with requests.
The malicious activity occurred and some accounts were credited with x106 larger amounts than they actually deposited via the blockchain.
We invested a considerable amount of technical and operational resources into dealing with each customer affected on a case-by-case basis.
On May 4, 2018 John McAfee Tweets about the MTC token integration into HitBTC.
On June 28, 2018 McAfee Tweets his disdain for exchanges, targeting HitBTC specifically.
“The crypto exchanges have become the thing that we have originally fought against. Their power is immense. Hitbtc, for example, has increased suffering for millions of poor people who cannot afford the minimum buy-in since it is greater than their monthly income. Boycott them.”
“@hitbtc I will be your worst enemy until you prove that you are aligned with our community and are truly interested in helping the poor. You have not done shit to help access the only free healthcare in the world.”
Referring to ambiguous McAffee’s critics about the “buy-in” price (a term from poker), on June 30, 2018 we answered with a Tweet explaining our withdrawal fees.
Despite this, John McAfee continued to make significant efforts to create a toxic atmosphere around HitBTC.
We have deep sympathy to John’s beliefs that poor people should have access to new technologies, but we see a different way to achieve that – by building a robust infrastructure for future mass adoption.
7.3. The activity of a coin’s core team negatively affects our customers. For example:
On December 30, 2018, after persons with malicious intent exploited a vulnerability in the coin’s code, BTCP made the decision to make a hard fork of their blockchain, burning “shielded” and “unmoved” coins.
The BTCP team’s decision put in danger the unmoved coins stored in our custody system under Segwit BTC addresses. To “move” and protect them from being burned we had to either import cold custody’s BTC private keys to BTCP daemon or implement the BTCP transactions signature ourselves.
As importing keys from the high security segment of our custodial technical infrastructure to any third party daemon fundamentally contradicts our policy, we opted for signature implementation in order to protect our custody funds.
Despite our utmost efforts, we were unable to obtain clear documentation from the BTCP team that would have allowed us to implement the P2SH-P2WPKH signature in time.
We requested that the BTCP team to compensate us for the loss of coins that were burned based on their conscious decision to proceed with a hardfork.
The BTCP team refused to provide any alternatives, that would have prevented damage to the funds in our custody.
We decided to remove BTCP from our platform. You can find more details related to the BTCP case on our blogpost.
Please note that no single BTCP coin of our customers assets was lost in our custody because they were deposited after BTCP network start. Nevertheless, no airdrop of old coins was held.
Let us summarize the key points mentioned above. We believe in a future filled with self-sustainable Internet and virtual reality economies and we have actively been creating its vital infrastructure for many years. During this course we’ve mastered ways to create both a product that can support millions of users and the technology behind it. We have expended substantial effort in complying with the evolving regulations in the digital asset space including the practices necessary to exclude bad actors and establish fast and secure operations among many other aspects of the business in this industry.
However, by keeping our main focus on the things we consider to be fundamental, we perhaps neglected Public Relations as well as the necessity of reacting to public accusations – both fabricated and genuine. We consider it to be an important part of a public product and we are confident in our ability to convey our values and ideals.
We are constantly on the lookout for public communications talent with or without experience in blockchain technologies. Please feel free to contact us at email@example.com. We’d love to hear from you.
Please do not hesitate to contact me at firstname.lastname@example.org with any enquiries regarding our values.
Board Member, HitBTC