FixedFloat Acknowledges $26 Million Bitcoin and Ether Exploit

FixedFloat has confirmed a significant exploit involving Bitcoin and Ether valued at approximately $26 million, as indicated by data on the blockchain. The exchange acknowledged the breach shortly after it surfaced on X (formerly Twitter). Initially, the team attributed the unusual outflows to minor technical issues and transitioned their services to maintenance mode.

Since February 17, several users have reported experiencing transaction freezes and funds disappearing from their accounts on the exchange’s X page. On-chain records reveal that on February 18 alone, over 400 Bitcoin equivalent to around $21 million and more than 1,700 Ether valued at nearly $5 million were syphoned off.

The method used to execute the attack remains unclear, prompting the exchange’s team to initiate an investigation into the security breach:

“We confirm that there was indeed a hack and theft of funds. We are not yet ready to make public comments on this matter, as we are working to eliminate all possible vulnerabilities, improve security, and investigate. Our service will be available again soon. We will provide details on this case a little later.”

Furthermore, visitors to the exchange’s website are currently greeted with an error message across all pages.

All pages of the FixedFloat website currently display an error message. Source: FixedFloat.

FixedFloat operates as an automated cryptocurrency exchange that does not mandate user registration or Know Your Customer (KYC) verifications. According to SEMrush data, approximately 26% of its web traffic originates from users in the United States. The exchange also incorporates the Lightning Network for Bitcoin transactions.

Cybersecurity on the blockchain presents a significant challenge for crypto projects. For example, the Solana ecosystem has been a target for scam-as-a-service marketplaces offering tools capable of executing bit-flip attacks.

Chainalysis has also noted the resurgence of ransomware payments in 2023, with a specific focus on high-profile institutions and infrastructure. According to a recent report, criminals generated a record $1 billion last year through supply chain attacks, ranging from individuals and small criminal groups to large syndicates.