Decentralized exchange FixedFloat confirmed there was a theft of funds from its platform shortly after unusual blockchain transaction activity suggested at least $26 million had been stolen earlier in the day.
Posted February 19, 2024 at 12:13 am EST.
FixedFloat, a non-custodial crypto exchange that facilitates an automated exchange of cryptocurrencies, appears to have been hacked for $26.1 million over the weekend.
On-chain data shows that a suspicious address drained 409 Bitcoin, worth $21.1 million at the time, from the platform. On the Ethereum blockchain, an attacker appears to have drained 1,728 Ether, worth around $4.85 million, from FixedFloat to another address.
The losses on Ethereum $4.8M, funds deposited to eXch.
FixedFloat Wallet: 0x4E5B2e1dc63F6b91cb6Cd759936495434C7e972F
Attacker Wallet: 0x85c4fF99bF0eCb24e02921b0D4b5d336523Fa085— 🚨 Cyvers Alerts 🚨 (@CyversAlerts) February 18, 2024
On Feb. 17, a number of users took to X to complain that transactions were not being processed on FixedFloat. At the time, the team behind the exchange attributed this to “minor technical problems” and said that the platform had been switched to maintenance mode.
The team later confirmed that an exploit had taken place, but said that they were not yet ready to make public comments on the matter.
Hello,
We confirm that there was indeed a hack and theft of funds. We are not yet ready to make public comments on this matter, as we are working to eliminate all possible vulnerabilities, improve security, and investigate. Our service will be available again soon.
We will…
— FixedFloat⚡️ (@FixedFloat) February 18, 2024
Blockchain security researchers have found that the attacker has started laundering funds through crypto exchanges eXch.cx and HitBTC.
Interestingly, FixedFloat itself has often been the tool of choice for hackers looking to launder funds, given the fact that it does not require users’ registration or Know Your Customer (KYC) verifications.
In October, a hacker stole around $3 million worth of Avalanche’s native token AVAX from the Web3 social media app Stars Arena and transferred the funds through FixedFloat. However, the platform has also thwarted the efforts of some exploiters in the past, freezing $200,000 worth of ETH from the Curve Finance hacker in 2022.