Crypto Exchange FixedFloat Suffer $26M Exploit

The crypto exchange platform Fixed Float, which runs without deploying the know your customer (KYC) checks, suffered a $26 million exploit following an unprecedented attack.

FixedFloat acknowledged the loss of over 400 Bitcoin and another 1700 Ethereum, approximated at $26 million. The loss is attributed to an attack that occurred in early February.

FixedFloat Suffer $26 Million Exploit

The scrutiny of the suspicious activity by the blockchain security firm BlockFence revealed the Bitcoin address involved in orchestrating the $26M theft. The Security firm linked the theft to an Ethereum address that executed several high-stake transactions to multiple addresses. 

Subsequent assessment of the attack by blockchain analytics firm PeckShield revealed the loot was moved via an Ethereum mixer identified as eXch immediately after the hack. The process complicated any attempt to trace the stolen assets. 

PeckShield revealed that some of the funds were remitted to CoinSpot and HitBTC. The firm labelled the wallet address behind the explosion a FixedFloat drainer. 

FixedFloat ruled out its staff from orchestrating the exploit, instead affirming it was externally executed. The crypto exchange attributed the attack to vulnerabilities arising in the security structure. 

The FixedFloat team indicated the challenge leading to the attack arose from the compromised infrastructure, primarily flaws and inadequate safeguards.

The crypto exchange that operates without the anti-money laundering policy indicated that the attackers gained access to several functions, thereby disrupting the services. 

FixedFloat Allege Technical Challenges in Placing System in Maintenance Mode

The hack initially led FixedFloat to cite minor technical challenges, prompting it to move the entire system into maintenance mode. The move resulted in confusion and concern for the clients before the hack’s revelation. 

The exchange admitted that it did not rush into reporting the hack despite its awareness of the incident. Instead, it prioritized placing the service systems into maintenance mode to reduce the losses. 

The crypto exchange explained that the primary focus involved mitigating the vulnerabilities and bolstering the overall security. The priorities were necessary, thus hindering it from issuing public statements regarding the incident.

The platform assured that funds belonging to the clients were safe and that the financial loss only affected the service rather than the user-held assets. 

 FixedFloat ruled put performing the custodial service functions, implying no storage of user funds. 

The circulation of the hack reports via social media prompted the platform to confirm the exploit. The platform was illustrated via its official Twitter account.

 FixedFloat indicated that it would not issue further comments to the public regarding the matter. It assured working to lower the vulnerabilities, foster security and scrutinize the attack. The platform assured it would restore the services. 

FixedFloat calmed the users’ concerns by assuring them of their fund’s safety and that the exploit affected its internal operations. 

The statement hinted the hack affected its hot wallet.

FixedFloat has, since its unveiling, profiled itself as a fully automatic exchange integrated with the Lightning Network. 

The platform adds that it prioritizes privacy despite not mandating account registration and user identity verification.

KYC Absence Attracts Privacy-Oriented Users

The analysts consider that the absence of KYC checks appeals to privacy-oriented users. Such poses an aggravated risk for the users and the exchange as investigators face limited information scope to execute their investigation. 

Exploits targeting hot wallets belonging to crypto exchanges have declined in number. A publication by blockchain forensic Chainalysis illustrated a 54.3% decline in funds stolen from the crypto platforms last year. Nonetheless, the platforms suffered a $1.7 billion exploit largely targeting decentralized finance (DeFi). 

FixedFloat confirmed in its statement that it was cooperating with law enforcement agencies, fellow crypto exchanges and blockchain forensics firms in an attempt to track down the orchestrators.

By press time, the hackers have yet to contact FixedFloat. Nevertheless, the platform assured that it would honour the payment obligations upon resumption of operations.

The platform promised to update the users when the exchange is safe for clients.