Bitcoin Exchange EXMO Loses $10.5M Worth of Tokens to Hackers, Halts Withdrawals

The cryptocurrency rally has drawn a great deal of attention to the market, with just about everyone looking to get their hands on digital assets. Sadly, this has also sparked renewed enthusiasm from hackers and unscrupulous actors.

Hot Wallets Drained

Top cryptocurrency exchange Exmo announced that it had suffered a security breach. In a security update, the exchange explained that it had noticed a flurry of suspicious withdrawals, with someone moving a large chunk of Bitcoin from its hot wallets.

The exchange added that the hackers had moved large amounts of XRP, ZCash, Ethereum Classic, and Tether as well. While it explained that the funds in its hot wallets comprise just five percent of all its total assets, it immediately shut down withdrawals.

Exmo also provided a list of some correspondent wallets that were most likely involved in the hack, asking global exchanges to block them from making any additional transactions. It added that it had launched an investigation with London police, adding that users should not deposit any funds to the affected wallets.

Exmo is a crypto exchange that has been operating in London for years. Founded in 203, it also maintains offices in Moscow, Barcelona, and Kyiv.

However, it was acquired in 2018 by GoverMedia Plus Canada, a Canadian publicly-listed holding firm. The acquisition allowed GoverMedia to own Exmo, although the exchange continued to operate almost independently since then.

It is unclear how much in crypto was actually stolen from Exmo. It is not listed on CoinMarketCap, so details into its finances aren’t readily available.

However, Maria Stankevich, head of business development at the exchange, told industry news sources that the hack was not so serious. The executive reiterated that since the hackers couldn’t get into the cold wallets, most of the users’ funds were safe.

Time to Beware

Hacks and other associated issues are beginning to get more rampant across the crypto space. Last week, decentralized finance (DeFi) coverage protocol Nexus Mutual announced that hackers had broken into the wallet of Hugh Karp, its chief executive.

In its announcement, Nexus Mutual explained that Karp was using MetaMask, a top Ethereum-based wallet platform. The hackers managed to install a compromised version of the wallet, tricking the CEO into signing a transaction that redirected all his NXM tokens into a wallet they controlled. The entire look amounted to 370,000 NXM tokens – worth about $8.2 million at the time the incident was reported.

The hackers soon began converting the tokens into Ether. Nexus Mutual explained that the hacker would have been an insider, since he or she could pass know-your-customer (KYC) security controls to authorize the transaction. However, with investigations still pending, it was yet unable to find the hacker.

A community manager with the protocol also told industry news sources that they were working under the assumption that the hacker could have been involved in identity fraud.