Crypto Exchange FixedFloat Suffers Second Security Breach With $2.80 Million Lost

Source: beincrypto.com, 02 April 2024 20:30 UTC

The cryptocurrency exchange FixedFloat has fallen victim to a second security breach, resulting in a loss of $2.80 million.

Blockchain forensics firm Cyvers raised the alarm after detecting suspicious transactions that withdrew funds from FixedFloat’s hot wallet on the Ethereum (ETH) blockchain.

Crypto Exchange FixedFloat Hacked

FixedFloat’s incident, detected on April 2, involved the transfer of various digital assets, including ETH, USDT, WETH, DAI, and USDC, to a dubious address. The malicious actors swiftly converted these assets into ETH through a decentralized exchange (DEX) before moving the entirety to eXch.

Following these transactions, the compromised hot wallet ceased operations, and the company’s website was taken offline for maintenance.

Unfortunately, this security breach is not the first for FixedFloat. On February 16, the crypto exchange experienced a security compromise that led to a loss of $26 million.

“The security breach at FixedFloat suggests an access control issue, similar to a previous hack on February 16. In both incidents, unauthorized access to the hot wallet led to the withdrawal of significant funds. Notably, blacklisted tokens like USDT and USDC were swiftly swapped to avoid being frozen, while DAI was directly deposited to eXch without conversion. This pattern indicates a targeted exploitation of vulnerabilities within the system’s access controls,” analysts at Cyvers told BeInCrypto.

FixedFloat Stolen Funds. Source: Cyvers

FixedFloat acknowledged the breach, attributing it to the same adversaries responsible for the February incident. Despite heightened security measures taken since the last attack, the hackers exploited a vulnerability in a third-party service.

The crypto exchange said the stolen funds served as operational liquidity for the service. It also said that FixedFloat’s non-custodial service model protected user assets from direct impact.

“We would like to emphasize that financial losses affected only our service; hackers stole funds to ensure the liquidity of the service, that is, the company’s funds and user funds were not affected. We also want to emphasize that FixedFloat does not perform the functions of a custodial service, that is, it does not store user funds,” FixedFloat emphasized.

The exchange is currently conducting a thorough investigation into the hack. While details remain sparse, FixedFloat aims to enhance its security framework to thwart future attacks. The company reassured its users that it is taking measures to fortify its defenses and mitigate risks.