In an apparent bug in the system coding on small cryptocurrency exchange Exbitron, users were allowed to sell coins they didn’t have into USDT and withdraw that USDT.
When your code is not secure, it will be exploited. A simple mantra to live by, especially for a cryptocurrency exchange.
Yet, when small alt-coin exchange Exbitron updated its code, this mantra was ignored, leaving the site vulnerable to an exploit hack on a specific coin market.
This glitch seemed to have happened when the new coin Tari was added to the exchange. The coin has had some difficulty with its GUI software Tari Universe reflecting wallet balances, but it’s unclear why this would affect how Exbitron was communicating with the minotari wallet software which was not known to have any vulnerabilities related to the explanation given by Exbitron for the hack.
To make matters worse, the owner of the exchange @eskalko explained in Exbitron’s Telegram group on Friday June 6th 2025 an explanation that may not bode well for the future reputation of the exchange. According to @eskalko, the bug was part of a slew of bugs in an upcoming migration that are now being patched, but expressed how the damage is already done, alluding that any lost coins are permanently gone.
The following is the full message @eskalko posted in Telegram, before disallowing replies to the group:
@everyone Hello guys.
We spent yesterday fixing XTM as migrating to new backend. I can tell i went sleep for 2 hours and got back here but it seems it was too late.
Im still investigating howcome users were allowed to create such huge sell orders – without actual balance. I will prepare report for this cause more markets were affected.
There is some huge bug allowing this but on the other side – people who dumped it all – if you have at least minimum humanity in you come and join me for a chat 😉
Lot of you have pending withdrawals for your dumped coins and lot of you bought these accumulated FAKE coins.
If there was some balance in this world – we could sort this out very easily.
As I said, we need to investigate total damage caused by this and I will share emails of users that knew they dont have enough balance but they still dumped and sold all what system allowed them.
“I hope you are enjoying” the USDT you got this bad way.
I will share more news soon.
I beg those who damaged us to return it so we can solve this.
Thanks!@everyone hello, it seems more and more that the new code release – we tested weeks before deploying, had bugs.
Those bugs are now being investigated, patch should be soon release but well it will not change what already happened.
Once I have final statement about this backend release bugs will share with you guys. Now im not able to allow any connection to our exchange cause damage could be far worse.
You saw the fake orders / volumes. Well people were withdrawing usdt they didnt own. I already contacted those regular traders – no response yet.
Once all information collected I will share details, emails of those responsible for taking advantage by this exploit.
Sorry but this is serious issue and we are very said that finally after 2 years we were moving somewhere higher …. we prepared various EDBT campaings and other stuff – this migration should have been game changer for us … but not this way.
Crypto trader @jkronos55 expressed a sentiment being felt by many other users of the exchange when we reached out for comments.
“It’s yet another reason not to leave your coins on a small shady exchange that uses no KYC and claims to be backed by real wallets,” he said. “This message from the Exbitron is a poor excuse since its users are meant to trust the security of the website and competence of the operators. It comes across as a possible lie to cover up other lies — why would you make it that easy to hack your exchange? Or did you cut corners on security in favor of keeping the exchange alive to reap the rewards of the fees? And more importantly why would you claim you reached out to your anonymous users to ask for the money back? What scammer in their right mind would comply to that?”
Other users are expressing doubt about the explanation as well, citing the fact that @eskalko disallowed replies in the Telegram group. “It’s not great customer support,” one chatter said. Another lamented about not being to trust any exchange these days by saying, “yet another seemingly great exchange exit scamming when the market takes a plunge,” referring to the price of Bitcoin and alt-coins making a dip in the past two weeks.
Is this the end of Exbitron?
Exbitron has been operating for a couple years and has been home to the trading of new coins before major exchanges picked them up, a service that many people want but can’t usually find.