Affected by the FixedFloat Security Breach 💸
The cryptocurrency exchange FixedFloat has become the victim of another security breach, resulting in a loss of $2.80 million. Blockchain forensics firm Cyvers identified the suspicious transactions at the core of the issue. These transactions led to the unauthorized withdrawal of funds from FixedFloat’s hot wallet on the Ethereum (ETH) blockchain.
FixedFloat Hacked Again 🛑
The breach at FixedFloat, revealed on April 2, involved the transfer of various digital assets, including ETH, USDT, WETH, DAI, and USDC, to an uncertain destination. Malicious actors swiftly converted these assets into ETH via a decentralized exchange (DEX) before transferring the entire sum to eXch. Following this incident, the compromised hot wallet ceased operations, and the company’s website went into maintenance.
- Security breach at FixedFloat led to a loss of $2.80 million.
- Unusual transactions detected, resulting in the withdrawal of funds from the hot wallet.
- Various digital assets, including ETH, USDT, WETH, DAI, and USDC, transferred to a dubious address.
This unfortunate event marks the second security breach for FixedFloat, with a prior incident on February 16 causing a loss of $26 million.
Cyvers Analysis 🕵️
Cyvers analysts pointed to an access control issue at FixedFloat, as in the previous hack. Unauthorized access to the hot wallet allowed the withdrawal of substantial funds. Notably, tokens that their issuers can blacklist, like USDT and USDC, were swiftly swapped to avoid freezing, while DAI was deposited directly to eXch without conversion. This suggests targeted exploitation of vulnerabilities within the system’s access controls.
Responding to the Breach 🚨
FixedFloat acknowledged the breach, attributing it to the same adversaries responsible for the previous attack in February. Despite heightened security measures after the last incident, hackers exploited a vulnerability in a third-party service. The stolen funds were part of the service’s operating liquidity, and FixedFloat assured users that their assets were not directly impacted because of its non-custodial service model.
- Adversaries behind the February attack responsible for the recent breach.
- Hackers exploited a vulnerability in a third-party service despite enhanced security measures.
- Stolen funds were operational liquidity, so user funds were not directly affected.
Future Security Measures 🔒
FixedFloat highlighted ongoing investigations into the hack, aiming to bolster its security framework to prevent future breaches. The company is working to fortify its defenses and reduce risks to safeguard user assets effectively.