A decentralized, non-KYC cryptocurrency exchange has been hacked. FixedFloat, a well-known option for exchanging Bitcoin and several cryptocurrencies in a decentralized and pseudonymous manner, lost more than $26 million in an alleged hack, according to their team. Financial losses resulting from this incident include 409 Bitcoin and 1,728 Ethereum.
The incident was initially reported through X by community members on February 17. But at that moment, the comments were about the forced maintenance the platform was experiencing and the long times some transactions were taking. Just an hour later, the FixedFloat team addressed the issue, claiming there were “some minor technical issues.” The platform is still under maintenance.
But when the X user behind the reprimand indicator on “FixedFloat just got exploited/developer ran away with 1,700 ETH yesterday, team describes it as a ‘minor technical issue’ – crazy,” the user posted.
“I was mainly focusing on looking at other chains, and I came across FixedFloat, and I saw that a lot of users who had made transactions weren't getting their money back, so I got curious and stopped, and, oh my God, and here they are, I'm drained,” 0xJosh explained to me via X DMs. He says it's unclear whether this is an attack or an inside job, but it's best to wait for the FixedFloat team to reveal this information.
“The recent breach of our system was not carried out by our employees; it was an external attack caused by vulnerabilities in our security architecture. The limited information we can share at the moment is that the problem was in our infrastructure, which was compromised due to 'flaws and inadequate protection,'” the FixedFloat team explained in an email sent to me.
These flaws allowed attackers to access some functions of the service. However, FixedFloat cannot fully disclose the incident as the investigation is ongoing. They stressed, “We promise to submit a full report upon its completion.”
Despite the loss, the system only has outstanding payment obligations for about 30 orders from its users, and payments will be made “immediately after we resume the service and are satisfied that it is safe,” the team told me.
FixedFloat explained that the hack only affected the service, but user funds were not affected. “We also want to emphasize that FixedFloat does not perform the functions of a custodial service, that is, it does not store user funds,” they detailed.
According to user officer_cia, the stolen Bitcoin began to disperse and was mixed through Whirlpool, a mixing service operated by Samourai Wallet that uses the non-KYC TradeOgre platform.
“Before interacting with a smart contract, check if it has been audited by a reputable security firm. Audits can significantly reduce the risk of security vulnerabilities but do not completely eliminate them,” 0xJosh recommended when interacting with decentralized exchanges like FixedFloat.