A decentralized, non-KYC cryptocurrency exchange has been hacked. According to the team, FixedFloat, a well-known option to exchange Bitcoin and several cryptocurrencies in a decentralized and anonymous manner, suffered losses of more than $26 million due to the alleged hack. Financial losses from this incident include 409 BTC and 1,728 ETH.
This incident was first reported by a community member via X on February 17th. However, the comments at the time were about forced maintenance occurring on the platform and some transactions taking longer. Just an hour later, the FixedFloat team addressed the issue, claiming “some minor technical issues.” The platform is still under maintenance.
However, when 0xJosh, an X user behind the X blame handle, posted about this hack, FixedFloat agreed that this was in fact a hack. “FixedFloat just got exploited/the developer ran away with 1,700 ETH yesterday and the team is calling it ‘some minor technical issue’, crazy,” the user posted.
“I was mainly focused on researching other chains, but then I came across FixedFloat and saw that many users who made transactions did not receive their money. So I got interested, peeked. And lo and behold, they got them. Exhausted,” 0xJosh explained to me in an X Direct Message. He says it's unclear whether this is an attack or an inside job, but claims it's best to wait for the FixedFloat team to reveal this information.
“The recent hack on our systems was not perpetrated by an employee; it was an external attack caused by a weakness in our security structure. The limited information we can share at this time indicates that the issue was that our infrastructure was compromised due to flaws and inadequate protections,” the FixedFloat team told me via email.
These flaws allowed an attacker to access some functionality of the service. However, FixedFloat cannot fully disclose the incident as the investigation is ongoing. “We are committed to submitting a full report upon completion,” they stressed.
Despite the losses, the platform only has outstanding payment obligations for around 30 orders to users, and the team told me that payments will be made “as soon as we resume service and are satisfied that it is safe.”
FixedFloat explained that the hack only affected its services and did not affect users' funds. “We would also like to emphasize that FixedFloat does not perform the functions of a custodial service, i.e. does not store user funds,” they further elaborated.
According to X user officer_cia, after the attack the attacker transferred most of the stolen ETH to eXch, a centralized mixer that uses thorswap on Ethereum. The stolen BTC began to be dispersed and even mixed through Whirlpool, a mixing service run by Samourai Wallet, and through the non-KYC exchange TradeOgre.
“Before you interact with smart contracts, check to see if they have been audited by a reputable security firm. Auditing can significantly reduce the risk of vulnerabilities, but cannot completely eliminate them,” 0xJosh recommended for anyone working with decentralized exchanges like FixedFloat.