Decentralized Crypto Exchange FixedFloat Suffers $26 Million Hack

Decentralized Crypto Exchange FixedFloat Suffers $26 Million Hack

FixedFloat, a decentralized and non-KYC (Know Your Customer) cryptocurrency exchange, has fallen victim to a significant security breach, resulting in a loss of over $26 million. The breach involved the theft of 409 Bitcoin (BTC) and 1,728 Ethereum (ETH), marking a substantial financial setback for the exchange.

The hacking incident initially came to light through community discussions on X on February 17, focusing on unexpected platform maintenance and delayed transactions. However, it wasn’t until a user, 0xJosh, highlighted the severity of the situation, that FixedFloat acknowledged the hack, describing it earlier as “some minor technical problems.”

0xJosh, who reported the exploit, shared insights into his discovery of the hack, noting the unusual transaction delays and the eventual discovery of the funds drain. While it remains uncertain whether this was an external attack or an inside job, FixedFloat has confirmed that the breach was the result of external exploitation due to vulnerabilities in their security architecture.

FixedFloat’s Statement and Assurance

In response to the incident, the FixedFloat team emphasized that the hack was not an internal act but an external attack exploiting flaws in their infrastructure. They assured that a comprehensive report would be shared once the investigation concludes. Despite the significant loss, FixedFloat has committed to settling outstanding payments for approximately 30 affected orders as soon as the platform is deemed secure for resumption.

FixedFloat clarified that the hack impacted the service infrastructure, not the user funds directly, reinforcing that their platform does not operate as a custodial service by holding user assets. The stolen ETH was reportedly transferred to a centralized mixer, leveraging thorswap on Ethereum, while the stolen BTC was dispersed and partially mixed using non-KYC exchange services.

In light of the hack, security researchers like 0xJosh advise users to ensure that any smart contract or decentralized exchange they interact with has undergone thorough audits by reputable security firms. While audits can significantly mitigate risks, they cannot wholly eliminate the possibility of vulnerabilities.

    Newsletter | Every weekday

    Smart Central News Weekly Briefing

    Only top industry news of the week in your inbox