crypto hacking
FixedFloat was attacked Monday by the same exploiters that stole $26 million from the crypto exchange last month. Alesia Kozik/Pexels.com

KEY POINTS

  • Blockchain security firms first reported 'suspicious' activity on the exchange early Tuesday
  • FixedFloat said the hackers detected a 'vulnerability of a third party' whose services the exchange uses
  • Tether blacklisted 7 addresses that received $280,000 in USDT from the exchange

Cryptocurrency exchange FixedFloat has once again been exploited, and by the same threat actors that carried out the mid-February hack that saw Bitcoin and Ether losses of $26 million.

Multiple blockchain security firms flagged "suspicious transactions" on the exchange early Tuesday, with Cyvers Alerts saying, "a staggering $2.8M was withdrawn from their hot wallet on the $ETH chain." The said funds were then transferred to a "suspicious address" that swapped various cryptocurrencies from FixedFloat into ETH before they were funneled into the eXch exchange.

CertiK said $3 million has been exploited so far and the FixedFloat site is down for technical work.

FixedFloat confirmed the attack late Tuesday. "On April 1, we were again attacked by the attackers who were behind the February 16 hack. The attackers did not stop there and continued to use various methods to try to hack our service again," it said.

The exchange noted that the FixedFloat team was able to repel some of the attacks but despite its best efforts, the exploiters discovered "a vulnerability of a third party whose services we use." It also reassured users that "the financial losses affected only our service; hackers stole funds to ensure the liquidity of the service, that is, the company's funds and user funds were not affected."

FixedFloat is actively investigating the exploit and no details can be provided yet as the probe is ongoing, it concluded.

Stablecoin giant Tether, which is behind the USDT token, blacklisted seven wallet addresses after the latest attack on FixedFloat, according to system vulnerability analysis and malware defense firm PeckShield. "These addresses received a total of $280K $USDT from #FixedFloat," PeckShield noted.

The popular exchange was exploited for $26 million in BTC and ETH on Feb. 16. At the time, a spokesperson for FixedFloat told International Business Times that the system breach was "not carried out by our employees" and user funds were unaffected. It also reiterated that it was focused on resolving the FixedFloat system's vulnerabilities and strengthening its overall security.

FixedFloat is just one of several crypto companies that suffered exploits in recent weeks. Among the latest is liquid staking protocol Prisma Finance, which lost around $11.6 million. Prisma's exploiter has since demanded a public apology due to what it called "mistakes" committed by the protocol's development team. The hacker also asked that Prisma developers reveal themselves to the public to regain trust.

Blockchain security firm SlowMist said in its March 2024 security report that the web3 ecosystem lost a total of $139 million during the month to security incidents. It noted that "insider malfeasance" and smart contract vulnerabilities were among the key issues that affected the security of the emerging sector last month.

Read more