Fixed Float Suffers Another $2.8 Million Hack, Security Concerns Intensify

Cryptocurrency exchange FixedFloat, known for its fully automated trading platform, has fallen victim to yet another security breach, resulting in the loss of nearly $2.8 million worth of digital assets from its Ethereum chain hot wallet. The breach, reported by CyversAlerts, has left users shocked, awaiting resolution from the platform.

Read more about what went wrong below.

The Hack and Its Fallout

Recent reports indicate that the stolen funds from FixedFloat’s hot wallet were swiftly transferred to a suspicious address, comprising Ethereum (ETH), tether (USDT), Wrapped Ethereum (WETH), Dai (DAI), and USD Coin (USDC). Subsequently, the hacker converted these assets into Ethereum on decentralized exchanges before funneling them through the eXch exchange.

Following these illicit transactions, operations of the compromised hot wallet were halted, and the company’s website was taken offline for maintenance, further unsettling users.

Blockchain security firm Peckshield revealed that stablecoin issuer Tether blocklisted ten addresses associated with the unauthorized withdrawals, effectively freezing around $400,000 worth of USDT tokens.

A History of Breaches

This recent incident marks the second significant security breach suffered by FixedFloat. Previously, on February 16, the platform fell victim to a theft amounting to $26 million. During this attack, the audacious hacker managed to escape with 1728 ETH valued at $4.85 million and an additional 409 BTC valued at a staggering $21 million, resulting in total crypto losses of $26 million.

Analysis of the stolen assets revealed a distribution among multiple addresses in the Bitcoin chain, while assets from the Ethereum chain were routed to the eXch exchange. Experts speculated that the hacker may have obtained access to a private key associated with one of the exchange’s addresses.

Also Read: DeFi at Risk! Crypto Hacks Drain $336 Million in Q1 2024, Claims Report

So, Who’s to Blame?

Upon the exploit discovery, the FixedFloat confirmed the validity of the hack and it was made clear that the same hacker was the culprit behind both the February and the latest hack where Ethereum hot wallet which held the coins equivalent to $2.8 million was targeted. 

The team blamed the third-party services provider from whom they are using where the hacker managed to take advantage of a vulnerability. They also emphasized the work being done to strengthen the security infrastructure.

Here’s Some Reassurance?

FixedFloat reassured its customers that only the platform itself suffered financial losses, and funds invested by users and the company’s own funds remained secure. The exchange pledged transparency throughout the investigation process, with updates to be provided as the situation unfolds.

Also Check Out: Top 5 Crypto Hacks of March 2024: Market Loses $188 Million?!