FixedFloat, a decentralized crypto exchange, has fallen victim to a substantial breach resulting in the loss of over $26 million worth of Bitcoin and Ether, as indicated by on-chain data. The exchange team acknowledged the attack several hours after it was initially reported on social media platform X, initially attributing the significant outflows to “minor technical problems” and subsequently transitioning their services to maintenance mode. Since February 17th, numerous users have reported frozen transactions and missing funds on the exchange’s X page, with on-chain data revealing the drain of more than 400 Bitcoin valued at approximately $21 million and over 1,700 Ether valued at nearly $5 million on February 18th.
Despite the substantial losses incurred, there is no clear indication of how the attack was carried out, prompting an ongoing investigation by the exchange team to identify vulnerabilities and bolster security measures. The team has confirmed the hack and theft of funds but has refrained from making public statements until they have addressed all potential vulnerabilities and completed their investigation. Concurrently, the exchange’s website displays an error message on all pages, further indicating the severity of the security breach and the impact on their operations.
FixedFloat operates as an automated crypto exchange without requiring user registration or Know Your Customer (KYC) verifications, attracting a significant portion of its web traffic from users in the United States. Additionally, the exchange integrates with the Lightning Network for Bitcoin transactions, enhancing its accessibility and usability. The incident underscores the challenges faced by crypto projects in maintaining on-chain cybersecurity, with the Solana ecosystem and other platforms experiencing targeted attacks by scam-as-a-service marketplaces offering malicious tools. Moreover, the resurgence of ransomware payments in 2023, particularly targeting high-profile institutions and infrastructure, highlights the growing sophistication of cybercriminal activity in the crypto space, posing significant risks to users and investors alike.
