The automated DeFi exchange, FixedFloat, was targeted in a hacking incident that resulted in the loss of 409 Bitcoin (valued at approximately $21.3 million) and 1700 ETH (worth around $4.9 million). This breach was reported by the blockchain cybersecurity Twitter account Officer’s Notes, under the handle @officer_cia.
Looks like @FixedFloat just got exploited for 1700 ETH!
Drainer address: 0x85c4fF99bF0eCb24e02921b0D4b5d336523Fa085
Info by: @reprove pic.twitter.com/XHnHy3CFSs
— Officer's Notes (@officer_cia) February 18, 2024
The exchange itself later confirmed the hack in the same thread.
Hello,
We confirm that there was indeed a hack and theft of funds. We are not yet ready to make public comments on this matter, as we are working to eliminate all possible vulnerabilities, improve security, and investigate. Our service will be available again soon.
We will…
— FixedFloat⚡️ (@FixedFloat) February 18, 2024
In response to another X user, the exchange clarified: “Financial losses affected only our service, user funds were not affected. We also want to emphasize that FixedFloat does not perform the functions of a custodial service, that is, it does not store user funds.”
The team also promised to release more information about the attack.
Financial losses affected only our service, user funds were not affected. We also want to emphasize that FixedFloat does not perform the functions of a custodial service, that is, it does not store user funds. We will provide more information later.
— FixedFloat⚡️ (@FixedFloat) February 19, 2024
FixedFloat Takes Action On Attack
Cryptonews emailed FixedFloat for comment.
The team replied that it did not immediately report the incident, despite knowing it had occurred. Instead, it put the service “into maintenance mode to ensure security and minimize losses.”
The spokesperson said their “main focus was on quickly eliminating weaknesses and strengthening overall security, which prevented [the exchange] from making public statements about what happened.”
FixedFloat clarified the attack was not internal and attributed it instead to “flaws” and “insufficient protection” in the exchange’s infrastructure.
The team stated it can’t publicize more details due to an ongoing investigation, but “promise[s] to provide a full report on completion.”
“Currently, we actually have outstanding payment obligations for approximately 30 orders to our users,” said FixedFloat.
“These payments will be made immediately after we have resumed the service and are satisfied that it is safe. We guarantee the fulfillment of all our obligations to clients, clarifying that financial losses affected only our service, user funds were not affected.”
How Does FixedFloat Work?
FixedFloat is a fully automated exchange that allows people to trade crypto anonymously without requiring login or KYC details.
Because the exchange is non-custodial, users are ultimately in charge of their own cryptocurrencies, unlike centralized exchanges (CEXs) where the platforms often custody their users’ crypto portfolios. FixedFloat is on Bitcoin’s Layer 2, the “Lightning Network”.
As such, it offers users accelerated speeds and lower transaction costs. At the end of last year, FixedFloat celebrated completing 15,000,000 exchanges between over 100,000 customers. It currently supports 67 different cryptocurrencies.
In its statement to Cryptonews, the exchange clarified that it is not a “cryptocurrency mixer,” a label wrongly attributed to it by various crypto publications. The FixedFloat team also strongly denies reports that most of the funds exchanged on the platform are of criminal origin.