Non-KYC crypto exchange FixedFloat hacked, nets $26 million in Bitcoin and Ethereum

FixedFloat, a cryptocurrency exchange operating without “Know Your Customer” (KYC) and anti-money laundering (AML) measures, was hacked earlier this month, resulting in over 400 Bitcoins worth approximately $26 million being hacked. and more than 1,700 Ethereum were lost.

Blockchain security company BlockFence identified the Bitcoin address used in the theft, and on-chain data from linked Ethereum addresses revealed multiple high-value transactions to various addresses.

According to fellow blockchain analysis firm PecShield, the stolen funds were moved through the Ethereum mixer eXch shortly after the hack, complicating the traceability of stolen assets. Peckshield said a small portion of the funds were moved to HitBTC and CoinSpot, and the wallet addresses were labeled as “FixedFloat Drainer.”

Fixed floating point conveyed Decryption It claimed that the hack was not carried out by one of its employees, but “was an external attack caused by a weakness in our security structure.”

“The problem lies with our infrastructure, which was compromised due to defects and inadequate protections,” the company said in a statement. “This allowed the attacker to access some features of our service.”

After the hack, FixedFloat initially cited “minor technical issues” and placed the system in “maintenance mode.” This was before the full extent of the hack was revealed, causing confusion and concern among users.

“We did not report the hack immediately because we were already aware of the incident and immediately began to put our services into maintenance mode to ensure security and minimize losses. ,” the exchange said. Decryption. “At that time, we were unable to publicly announce what happened because our main focus was quickly eliminating weaknesses and strengthening our overall security.”

In a subsequent statement, FixedFloat assured customers that their funds were safe and clarified that any financial losses would only affect the service itself and not the assets held by users. “FixedFloat does not perform the functions of a custodian service, i.e. it does not store user funds. Further details will be provided later,” the platform tweeted.

However, once reports of the hack started spreading through social media, the platform acknowledged the incident and opened up about the attack.

“We can confirm that a hack and theft of funds did indeed occur,” FixedFloat’s official Twitter account wrote in a reply to the tweet. Improve security and investigate.

“Our services will be available again soon.”

The exchange subsequently assured that users' funds were safe and that the stolen funds only affected the company's internal operations. If so, the hack likely took place from one of the exchange's hot wallets.

The official FixedFloat site is not yet functional as of this writing.

FixedFloat, which touts “instant, fully automated cryptocurrency exchange using the Lightning Network,” prioritizes privacy over security and operates without the need for account registration or identity verification. While this lack of KYC measures is appealing to privacy-conscious users, it poses a significant risk to both the platform and its users in the event of a hack, as investigators have limited information to work with.

Such incidents are less common than before. A recent report from blockchain forensics firm Chainaracy revealed that funds stolen from crypto platforms will decrease significantly in 2023. Despite a slight increase in individual hacking incidents, the total amount of funds stolen decreased by approximately 54.3% to $1.7 billion. This is mainly due to rapid changes. Decrease in DeFi hacks.

Fixfloat reported that it is working with law enforcement agencies, blockchain forensics firms, and cryptocurrency exchanges to track down the hackers, who have not yet contacted exchanges. The company said that as soon as it resumes operations, it can be confident that it will honor all payment obligations and that the exchange will be safe for use again.

Edited by Ryan Ozawa.