Popular non-custodial cryptocurrency exchange FixedFloat has acknowledged a significant attack on its site over the weekend. On the social media site X (previously Twitter), the exchange admitted to a security breach and the ensuing loss of cash. This was done in response to the cryptocurrency community’s increased inquiries and worries over a possible exploit.
Hello,
We confirm that there was indeed a hack and theft of funds. We are not yet ready to make public comments on this matter, as we are working to eliminate all possible vulnerabilities, improve security, and investigate. Our service will be available again soon.
We will…
— FixedFloat⚡️ (@FixedFloat) February 18, 2024
However, the FixedFloat team did not provide any information about the nature of the incident or the precise quantity of digital assets the attackers took in their original announcement. The exchange said, “We are working hard to eliminate all potential vulnerabilities, considerably strengthen security measures, and completely examine the incident’s circumstances.”
Furthermore, as a non-custodial exchange platform, FixedFloat allows users to trade and swap cryptocurrencies automatically without having them register or provide Know Your Customer (KYC) documentation. The platform now supports and interacts with the Bitcoin Lightning Network for quicker and less expensive Bitcoin transactions.
Analysis of on-chain data by blockchain security firms has revealed that the stolen funds from the FixedFloat hack were worth a staggering $26 million in various digital assets. This included 1,728 Ethereum (ETH) tokens, currently valued at approximately $4.85 million, and a massive haul of 409 Bitcoin (BTC) worth around $21 million at current market rates.
FixedFloat Hack: Funds Laundered via eXch & Samourai Wallet
PeckShield reports the attacker transferred the majority of stolen ETH to eXch, a cryptocurrency mixing service, for asset trail obfuscation. Cryptocurrency mixers scramble digital assets from various sources, obscuring their origins and impeding the tracing of fund sources.
#PeckShieldAlert #FixedFloat was hacked, resulting in ~1,728 $ETH (worth ~$4.85m) and & 409 $BTC (worth ~$21m) stolen. The drainer already transferred most of the stolen $ETH to #eXch on #Ethereum pic.twitter.com/IZKbCclH8v
— PeckShieldAlert (@PeckShieldAlert) February 19, 2024
Meanwhile, the 409 stolen BTC were split among multiple addresses by the hacker, as reported by Beosin Alert. An analysis shows the attacker transferred 166.1 BTC of the stolen funds to Samourai Wallet. This Bitcoin wallet facilitates CoinJoin transactions to enhance privacy and obfuscate transaction trails.
🚨@FixedFloat was exploited for ~$26.1M (409 $BTC and 1,728 $ETH).
On Ethereum, the attacker 0x85c4fF99bF0eCb24e02921b0D4b5d336523Fa085 sent the stolen 1,728 $ETH to multiple addresses, then to Exch exchange.
The stolen 409 $BTC was dispersed to multiple addresses by attacker… pic.twitter.com/2usl0kwG5v
— Beosin Alert (@BeosinAlert) February 18, 2024
“CoinJoin transactions are a type of transaction where two or more people combine their funds into one transaction in such a way that after the transaction, it is unclear who owns which specific coin or portion of the funds,” explained Evgenii, a blockchain analyst.
Non-custodial exchanges offer increased security and privacy by allowing users to retain control of their funds during trades. However, Inherent in this model is an increase in the risk of hackers exploiting such platforms if vulnerabilities exist in their smart contracts or underlying code.
The FixedFloat team has stated that they are continuing their investigation into the hack while simultaneously working on implementing enhanced security measures to prevent similar incidents in the future. The exchange will provide further details and updates regarding the incident in the coming days.
Related Reading | Bitcoin ETFs See Massive $403M Inflow Amid Price Surge