FixedFloat, the fully automatic crypto exchange, has reportedly been a victim of yet another security breach. The hacker managed to take almost $2.8 million worth of crypto from the Ethereum chain hot wallet, with the platform’s access control issues to be blamed. The hack reported by CyversAlerts has left the exchange’s users bewildered and wondering as they wait for the platform to be sorted.
Here Is What We Know
According to the latest reports, The funds stolen from FixedFloat’s hot wallet went to a suspicious address in the form of Ethereum (ETH), tether (USDT), Wrapped Ethereum (WETH), Dai (DAI) and USD Coin (USDC). The hacker further swapped these funds for Ethereum on decentralized exchanges and later on was transferred to the eXch exchange.
Following these hacker transactions, the compromised hot wallet ceased operations and the company’s website was taken offline for maintenance casting more doubts on users.
According to blockchain security firm Peckshield, stablecoin issuer Tether blocklisted ten addresses involved in these withdrawals, effectively freezing about $400,000 worth of USDT tokens.
Fixed Float Hacked Again in the Same Way
With another unfortunate circumstance, this was not the first of the security breaches that FixedFloat encountered. An access control problem was attributed to the theft of $26 million on February 16 from the platform.
The audacious hacker successfully siphoned off 1728 ETH valued at $4.85 million and an additional 409 BTC valued at a staggering $21 million, culminating in a total crypto loss of $26 million attack.
A review of fund flow showed that the stolen assets were split among various addresses in the Bitcoin chain; similarly, the Ethereum chain route had many addresses channelled to the eXch exchange. Experts predicted that the hacker may have managed to access a private key with one of the exchange’s addresses.
Fixed Float Blames Third-Party
Upon the exploit discovery, the FixedFloat confirmed the validity of the hack and it was made clear that the same hacker was the culprit behind both the February and the latest hack where Ethereum hot wallet which held the coins equivalent to $2.8 million was targeted.
The team blamed the third-party services provider from whom they are using where the hacker managed to take advantage of a vulnerability. They also emphasized the work being done to strengthen the security infrastructure.
FixedFloat offered peace of mind to customers to ensure them that only the service itself was affected by financial losses and the hackers stole funds to ensure the liquidity of the service.in this regard, users invested funds and company funds were considered to be safe.
An investigation of the hacker incident is currently in progress, the forthcoming details will be announced as the situation evolves.