FixedFloat Hit by $26 Million Crypto Exploit

Decentralized cryptocurrency exchange FixedFloat has fallen victim to a devastating exploit resulting in the loss of at least $26 million worth of Bitcoin and Ether, as revealed by on-chain data.

The exchange team acknowledged the attack a few hours after it surfaced on X (formerly Twitter). Initially attributing the significant outflows to "minor technical problems," the team swiftly transitioned its services into maintenance mode.

Reports from users on the exchange's X page since February 17th have highlighted frozen transactions and disappearing funds. On-chain data indicates that over 400 Bitcoin (BTC) valued at approximately $21 million and more than 1,700 Ether worth nearly $5 million were siphoned off on February 18th.

The methodology behind the attack remains unclear. The exchange's team is actively investigating the security breach, stating:

"We confirm that there was indeed a hack and theft of funds. We are not yet ready to make public comments on this matter, as we are working to eliminate all possible vulnerabilities, improve security, and investigate. Our service will be available again soon. We will provide details on this case a little later."

Furthermore, visitors to the exchange's website are currently greeted with an error message across all pages.

FixedFloat operates as an automated crypto exchange without necessitating user registration or Know Your Customer (KYC) verifications.

Approximately 26% of its web traffic originates from users in the United States, as per data from SEMrush. The exchange is also integrated with the Lightning Network for Bitcoin transactions.

The Menance of Crypto Scam

This breach adds to the long list of cybersecurity challenges plaguing the digital asset industry. Notable protocols and firms, including Ripple, have fallen victim to similar crypto scams, resulting in the loss of millions of dollars in cryptocurrencies.

Ripple, for instance, reportedly suffered a significant breach, with $112.5 million worth of XRP coins vanishing in an attack.

The incident highlights the persistent challenge of on-chain cybersecurity confronting crypto projects. The Solana ecosystem, for instance, has been targeted by scam-as-a-service marketplaces offering tools capable of executing bit-flip attacks.

Chainalysis also highlighted the resurgence of ransomware payments in 2023, with a particular focus on high-profile institutions and infrastructure.

According to recent findings, criminals made a record $1 billion last year through supply chain attacks, ranging from individual actors to large syndicates.

Similarly, Solana's Phantom wallet recently faced a Distributed Denial of Service (DDoS) attack, highlighting the evolving tactics employed by malicious actors within the space.

Sometimes, the hackers target high-profile individuals, using their faces to create crypto scam videos that might entice unsuspecting viewers. 

Crypto enthusiasts and investors are urged to exercise utmost caution, especially when confronted with phishing links, to mitigate the risk of falling prey to such scams.