Earlier this month, the FixedFloat crypto exchange was hacked, which resulted in a total loss of $26 million, as the hackers got away with 400 BTC and 1,700 ETH tokens.
The crypto exchange is renowned for operating without ‘know-your-customer’ (KYC) and anti-money laundering (AML) measures.
The hack
BlockFence, the blockchain security firm, identified the bitcoin address involved in the hack and multiple high-value transactions to different addresses were identified via on-chain data.
PeckShield, another blockchain analytics firm, revealed that not long after the hack, the stolen funds had been moved through eXch, the Ethereum mixer, which made the traceability of the stolen assets difficult.
The analytics firm also disclosed that a small part of the funds had also been moved to CoinSpot and HitBTC and the wallet was labeled as ‘Fixed Float drainer’.
According to FixedFloat, none of its employees had been involved in the attack because it had been external and vulnerabilities in the security structure had led to it.
The company stated that the insufficient protection and flaws in their infrastructure had been the problem. The attackers had been able to compromise it to get access to some of the functions of their service.
The initial reaction
Initially, ‘minor technical problems’ had been cited by FixedFloat following the hack and its systems had been shifted into ‘maintenance mode’.
This was before the company had disclosed the full extent of the hack, which had resulted in concern and confusion amongst users.
The exchange said that they had not reported the hack immediately, but had been aware of it and had started putting their service in maintenance mode for minimizing losses and ensuring security.
It said that their focus had been to eliminate weakness and strengthen overall security due to which they had not issued any public statements.
Additional details
FixedFloat reassured customers in a subsequent statement that all funds were safe and clarified that the service itself had suffered financial losses and none of the user-held assets were affected.
The platform said that it did not provide custodial services due to which it does not store any user funds. It added that more information will be shared later.
However, once reports of the hack had begun to spread via social media, the incident was confirmed by the platform and it shared some of the details.
The official account of FixedFloat confirmed the hack via a tweet, along with the theft of funds. It also said that they were not ready to make any public comments.
It said that they were working on making their service available again as soon as possible and were working on eliminating all vulnerabilities and improving security.
Later, the exchange assured that customer funds were safe and that only the internal operations of the company were affected due to the stolen funds.
If so, one of the hot wallets of the crypto exchange was likely compromised. The official site of the exchange was inoperative at publishing time.