Trusted

Crypto Exchange FixedFloat Suffers Second Security Breach With $2.80 Million Lost

2 mins
Updated by Bary Rahma
Join our Trading Community on Telegram

In Brief

  • FixedFloat experiences a second hack, losing $2.80 million, with funds withdrawn from its hot wallet.
  • Hackers transferred assets to a dubious address, converting them into ETH before moving them to eXch.
  • Despite security upgrades since a previous breach, FixedFloat stresses user funds were not affected.
  • promo

The cryptocurrency exchange FixedFloat has fallen victim to a second security breach, resulting in a loss of $2.80 million.

Blockchain forensics firm Cyvers sounded the alarm, revealing that suspicious transactions were detected, leading to the withdrawal of funds from FixedFloat’s hot wallet on the Ethereum (ETH) blockchain.

Crypto Exchange FixedFloat Hacked

FixedFloat’s incident, detected on April 2, involved the transfer of various digital assets, including ETH, USDT, WETH, DAI, and USDC, to a dubious address. The malicious actors swiftly converted these assets into ETH through a decentralized exchange (DEX) before moving the entirety to eXch.

Following these transactions, the compromised hot wallet ceased operations, and the company’s website was taken offline for maintenance.

Unfortunately, this security breach is not the first for FixedFloat. On February 16, the crypto exchange experienced a security compromise that led to a loss of $26 million.

“The security breach at FixedFloat suggests an access control issue, similar to a previous hack on February 16. In both incidents, unauthorized access to the hot wallet led to the withdrawal of significant funds. Notably, blacklisted tokens like USDT and USDC were swiftly swapped to avoid being frozen, while DAI was directly deposited to eXch without conversion. This pattern indicates a targeted exploitation of vulnerabilities within the system’s access controls,” analysts at Cyvers told BeInCrypto.

Read more: Identifying & Exploring Risk on DeFi Lending Protocols

Crypto Exchange Stolen Funds
FixedFloat Stolen Funds. Source: Cyvers

FixedFloat acknowledged the breach, attributing it to the same adversaries responsible for the February incident. Despite heightened security measures taken since the last attack, the hackers exploited a vulnerability in a third-party service.

The crypto exchange emphasized that the stolen funds served as operational liquidity for the service. It also assured that the non-custodial service model of FixedFloat protected user assets from direct impact.

“We would like to emphasize that financial losses affected only our service; hackers stole funds to ensure the liquidity of the service, that is, the company’s funds and user funds were not affected. We also want to emphasize that FixedFloat does not perform the functions of a custodial service, that is, it does not store user funds,” FixedFloat emphasized.

Read more: 14 Best No KYC Crypto Exchanges in 2024

The exchange is currently conducting a thorough investigation into the hack. While details remain sparse, FixedFloat aims to enhance its security framework to thwart future attacks. The company reassured its users that it is taking measures to fortify its defenses and mitigate risks.

🎄Best crypto platforms in Europe | December 2024
eToro eToro Explore
Coinrule Coinrule Explore
Uphold Uphold Explore
Coinbase Coinbase Explore
3Commas 3Commas Explore
🎄Best crypto platforms in Europe | December 2024
eToro eToro Explore
Coinrule Coinrule Explore
Uphold Uphold Explore
Coinbase Coinbase Explore
3Commas 3Commas Explore
🎄Best crypto platforms in Europe | December 2024

Disclaimer

In adherence to the Trust Project guidelines, BeInCrypto is committed to unbiased, transparent reporting. This news article aims to provide accurate, timely information. However, readers are advised to verify facts independently and consult with a professional before making any decisions based on this content. Please note that our Terms and ConditionsPrivacy Policy, and Disclaimers have been updated.

Frame-2466.jpg
Bary Rahma
Bary Rahma is a senior journalist at BeInCrypto, where she covers a broad spectrum of topics including crypto exchange-traded funds (ETFs), artificial intelligence (AI), tokenization of real-world assets (RWA), and the altcoin market. Prior to this, she was a content writer for Binance, producing in-depth research reports on cryptocurrency trends, market analysis, decentralized finance (DeFi), digital asset regulations, blockchain, initial coin offerings (ICOs), and tokenomics. Bary also...
READ FULL BIO
Sponsored
Sponsored