Decentralized crypto exchange FixedFloat suffered a major exploit on February 18th, resulting in the drainage of over $26 million worth of user funds.
The attack was first reported on social media site X, with multiple users complaining of frozen transactions and missing assets. On-chain data reveals over 400 BTC worth $21 million and 1,700 ETH worth $5 million were stolen from the platform.
In an official statement, the FixedFloat team acknowledged the hack:
“We confirm that there was indeed a hack and theft of funds. We are not yet ready to make public comments, as we are working to eliminate vulnerabilities, improve security, and investigate. Our service will return soon and we will provide more details later.”
The platform’s website currently displays error messages, and trading functionalities appear to be disabled as the team addresses the attack.
As an automated decentralized exchange that does not require registration or KYC verification, FixedFloat may have been an enticing target for cybercriminals. Per SEMrush data, 26% of its web traffic originates from the United States.
This latest incident highlights the persistent threat of cyber-attacks facing cryptocurrency companies. Other ecosystems like Solana have recently been plagued by bit-flip draining schemes offered through scam-as-a-service marketplaces.
Meanwhile, a Chainalysis report found that ransomware payments hit record highs in 2023, indicating hackers’ preference for high-value institutions and critical infrastructure. Supply chain attacks netted an estimated $1 billion for threat actors last year.
As the dust settles on this violation of user trust and funds, FixedFloat will need to conduct a full post-mortem to identify attack vulnerabilities. Time will tell whether it can recover user confidence and enhance platform security to the demanding standards of the crypto sector.
