FixedFloat, a cryptocurrency exchange operating on the Bitcoin Lightning network, disclosed a security breach on the X platform (previously known as Twitter), reporting unauthorised transactions and significant financial losses.
The breach, detected on 2 April, involved the transfer of over $3 million in various digital assets, including ETH, USDT, WETH, DAI, and USDC, to a suspicious address.
Security firms CertiK and Cyvers were among the first to detect the unauthorised transactions, highlighting the urgency of the situation.
The malicious actors swiftly converted the assets into ETH through a decentralised exchange (DEX) before transferring them to eXch.
As a precautionary measure, FixedFloat suspended its hot wallet operations and temporarily took its website offline for maintenance.
Unfortunately, this breach is not the first for FixedFloat, as the exchange experienced a $26 million security compromise on 16 February.
Although FixedFloat had implemented enhanced security measures since the previous incident, the hackers exploited a vulnerability in a third-party service.
FixedFloat emphasised that the stolen funds were operational liquidity and reassured users that their assets were protected under the exchange's non-custodial service model.
In response to the breach, FixedFloat issued a statement acknowledging the attack and outlined immediate and future security measures.
The exchange pledged to fortify its infrastructure and continuously improve security protocols to prevent similar incidents.
While FixedFloat assured users that their assets remained safe, the breach has prompted a thorough investigation.
Given the potential ramifications for trust and security within the cryptocurrency community, industry experts are closely monitoring the situation.
The recurrence of security breaches raises questions about the efficacy of corrective measures and underscores the challenges exchanges face in safeguarding against sophisticated cyber threats.