Cryptocurrency Exchange FixedFloat Suffers $26 Million Exploit In Bitcoin And Ethereum

Updated: 19 February 2024

Disclosure

Don’t invest unless prepared to lose all the money you invest. This is a high-risk investment, you shouldn’t expect to be protected if something goes wrong.

Join Our Telegram channel to stay up to date on breaking news coverage

Cryptocurrency exchange FixedFloat has been exploited for at least $26 million worth of Bitcoin and Ethereum, on-chain data shows.

FixedFloat confirmed the attack just a few hours after the incident was reported on X after initially saying massive outflows were due to “minor technical problems.” It then switched its services to maintenance mode.

“We confirm that there was indeed a hack and theft of funds,“ said the exchange. “We are working to eliminate all possible vulnerabilities, improve security, and investigate. Our service will be available again soon. We will provide details on this case a little later.”

Users Started Reporting Issues On FixedFloat

Since Feb.17, multiple users have reported frozen transactions and missing funds on the exchange’s X page. On-chain data shows that more than 400 BTC, worth approximately $21 million, was drained from the platform on Feb. 18.

More than 1,700 ETH worth $5 million was also transferred out of FixedFloat during the incident. The exchange’s website shows that the platform is still in maintenance mode as of 4:15 a.m. EST.

Looks like @FixedFloat just got exploited for 1700 ETH!

Drainer address: 0x85c4fF99bF0eCb24e02921b0D4b5d336523Fa085

Info by: @reprove pic.twitter.com/XHnHy3CFSs

— Officer's Notes (@officer_cia) February 18, 2024

The automated crypto exchange does not require users to complete Know Your Customer (KYC) verification. SEMrush data shows that approximately 26% of the platform’s web traffic comes from users in the US.

Cyber Criminals Grow More Active In The Web3 Space

Cyber threats within the blockchain space have grown more prominent over the past few months. The resurget Solana ecosystem, for instance, has been targeted by scam-as-a-service marketplaces that offer buyers drainers which can perform bit-flip attacks.

🫡 Scam-As-A-Service: New Solana Drainers Identified 🫡

Web3 security firm Blowfish has detected two new Solana drainers that can perform bit-flip attacks, according to a Feb. 9 analysis shared on X (formerly Twitter).

The drainers, known as ‘Aqua’ and ‘Vanish,’ were flagged… pic.twitter.com/IRbbQTUaG0

— Printhereum (@Printhereum) February 10, 2024

Chainalysis also flagged the return of ransomware payments in 2023 with high-profile institutions the primary target for such attacks. A report by the on-chain tracking firm shows that criminals made a record $1 billion in 2023 through supply chain hacks.

It also showed that these hackers ranged from small criminal groups to large syndicates.