Altcoins Talks - Cryptocurrency Forum
Cryptocurrency Ecosystem => Crypto Exchanges => Topic started by: dkbit98 on February 19, 2024, 11:58:15 PM
-
FixedFloat exchange was hacked on February 18 and they lost Bitcoin and Ethereum worth around $26 million!
They confirmed this incident on twitter and they shut down their swap service until further notice.
Keeping this amount of money on hot wallets is crazy for any service. :P
https://cointelegraph.com/news/fixed-float-confirms-26m-exploit-bitcoin-ether
-
Fixedfloat.com's active so their swap service's restored. There's a case on bitcointalk but it's 1 case so their customers didn't report getting scammed so they didn't have a bad rep before the hack. Who's saying it's an inside job because storing $26M in hot wallets connected to swappers isn't regular strategy. It doesn't look like a real hack so who's got the money.
-
FixedFloat going to move to the new domain, https://ff.io/
As they say, this makes it harder for scammers to create phishing sites similar to their names.
Both domains are currently working.
-
FixedFloat going to move to the new domain, https://ff.io/
As they say, this makes it harder for scammers to create phishing sites similar to their names.
Did anyone test if fixedfloat exchange is really back and working after that big hack? :o
I see they have listed bitcoin, ethereum, litecoin and many other coins, only few of them are greyed out and not available.
-
It could've happened when you visited because they had restrictions. I didn't see greyed out options today they're working with usual crypto so they could grey out each time they're low on available funds.
Did anyone test if fixedfloat exchange is really back and working after that big hack? :o
I see they have listed bitcoin, ethereum, litecoin and many other coins, only few of them are greyed out and not available.
-
That's the only thing that worries the exchanges: sometimes when hackers get in, what about the users they robbed who are just using their platform that is trusted to enter their money? Can they resolve that immediately?
Although I'm not familiar with the exchange, I don't use it either. There are other exchanges that have been tried and tested, like Binance, that still maintain the trust of their users even if they take the risk of donating their users who have been robbed by a hacker. funds.
-
There were 30 orders affected by the hack and the total amount of those 30 orders doesnt seem to be much.
Fixedfloat is a non-custodial exchange, so its actually their own assets that are lost, not the users.
Maybe this is retaliation from the Lazarus group, their funds worth $2M were frozen by Fixedfloat last year.
-
That's the only thing that worries the exchanges: sometimes when hackers get in, what about the users they robbed who are just using their platform that is trusted to enter their money? Can they resolve that immediately?
Although I'm not familiar with the exchange, I don't use it either. There are other exchanges that have been tried and tested, like Binance, that still maintain the trust of their users even if they take the risk of donating their users who have been robbed by a hacker. funds.
Since they are back to business, it means that it was their funds that was lost, and not customers funds. This will put more trust on the exchange by their customers that whatever happens to the exchange that their funds are safe. If not they would have not been able to start operation if they were really affected by the hack. This is the main reason why one should always save funds in a private wallet, because exchanges are vulnerable to attack.
-
Since they are back to business, it means that it was their funds that was lost, and not customers funds. This will put more trust on the exchange by their customers that whatever happens to the exchange that their funds are safe. If not they would have not been able to start operation if they were really affected by the hack. This is the main reason why one should always save funds in a private wallet, because exchanges are vulnerable to attack.
It seems like you don't understand well how FixedFloat exchange works. It is an instant exchanger and it differs from the usual centralized exchanges.
Here, users do not keep their coins in the exchange wallet, only the moment of the trade itself is risky until the transactions are confirmed. For example, a user sends 0.5 Bitcoin, and after one or two confirmations that BTC has been sent, he receives USDT (or some other currency) to his address. (I mentioned BTC and USDT only as an example)
they were certainly affected by this hack because 50% of their capital was stolen (if I remember the percentage correctly). However, they have enough money in reserve, which allows them to continue their business.
-
For example, a user sends 0.5 Bitcoin, and after one or two confirmations that BTC has been sent, he receives USDT (or some other currency) to his address. (I mentioned BTC and USDT only as an example)
Ideally, the amount that was hacked is supposed to be the amount of deposits at that hour, and this amount is not supposed to be millions of dollars, but it seems that the hackers were able to access the private key of the API or their hot storage and emptied their wallets, whether they were in third-party services such as Binance, OKX or were in their wallets.
-
Ideally, the amount that was hacked is supposed to be the amount of deposits at that hour, and this amount is not supposed to be millions of dollars, but it seems that the hackers were able to access the private key of the API or their hot storage and emptied their wallets, whether they were in third-party services such as Binance, OKX or were in their wallets.
I have not even seen complaints from their users that they have run out of funds. It seems that most of the stolen money belonged to the exchanger.
-
Ideally, the amount that was hacked is supposed to be the amount of deposits at that hour, and this amount is not supposed to be millions of dollars, but it seems that the hackers were able to access the private key of the API or their hot storage and emptied their wallets, whether they were in third-party services such as Binance, OKX or were in their wallets.
It was terrible security issue to store so much coins in hot wallets, but I don't fully understand how this quick swap exchanges actually work.
Best alternative for FixedFload that really respects customer privacy, and have higher security standards is eXch exchange.
Owner or main team member is a cool guy and he often expresses himself in bitcointalk forum, I think they even have account in AltcoinsTalk forum.
-
FixedFloat exchange was hacked on February 18 and they lost Bitcoin and Ethereum worth around $26 million!
They confirmed this incident on twitter and they shut down their swap service until further notice.
Keeping this amount of money on hot wallets is crazy for any service. :P
https://cointelegraph.com/news/fixed-float-confirms-26m-exploit-bitcoin-ether
what else happened this time, for a long time I saw that hacking had become a habit of an exchange when their liquidity had started to thicken
what you said is true, it is safer to trade on a large DEX or CEX that has a good reputation
-
what else happened this time, for a long time I saw that hacking had become a habit of an exchange when their liquidity had started to thicken
FixedFloat hack happened again on April 1 and this is not a joke :P
It happened by the same people and they lost money again.
On April 1, we were again attacked by the attackers who were behind the February 16 hack. The attackers did not stop there and continued to use various methods to try to hack our service again. Thanks to the enormous work done to improve the security of our infrastructure, we were able to successfully repel their attacks and continue to work.
However, despite all our efforts, unfortunately, hackers managed to discover a vulnerability of a third party whose services we use. Although such third-party attacks are beyond our control, we take all necessary measures to strengthen the security of our service and will work to prevent similar incidents in the future.
We would like to emphasize that financial losses affected only our service; hackers stole funds to ensure the liquidity of the service, that is, the company’s funds and user funds were not affected. We also want to emphasize that FixedFloat does not perform the functions of a custodial service, that is, it does not store user funds.
We are currently in the process of an active investigation. Details of the incident cannot yet be disclosed due to the ongoing investigation.
https://twitter.com/FixedFloat/status/1775172224216875223
what you said is true, it is safer to trade on a large DEX or CEX that has a good reputation
No it's not safer to do that on any centralized exchanges.
Most of the big centralized exchanges got hacked before and people lost money.
There are no big DEX exchanges, Bisq is the best and safest right now.
-
Sometimes, I really wonder how possible is it that an exchange is hacked the first time, and then while still discussing on that, they end up getting hacked again the second time in a row, I usually think that the first hacked should have drawn the attention of the security team of that exchange to the vulnerability which gave the hackers unwarranted or unapproved access to the exchange's database, so they can block that access immediately, but what? It looks like sometimes, they are clueless on what to do..
Like I mentioned in a thread posted in the crypto currency discussion board on this same topic, this exactly how cryptopia went down after being hacked three times consecutively.
I hope people stay away from this exchange going forward, never knew such exchange even existed.. Lol ;D
-
Two hacks in less than 6 months, with the same method, the same address and the same mistakes. I don’t know, but the chance of them coming back again with the same brand name is difficult, and I don’t know why anyone would trust them again.
The best that could happen is to end FixedFloat service, rebuild their system again, and redirect users to the new service.
Some of the claims made by https://exch.cx/ in the past make me suspect that the second hack may be an attempt by FF to pay for hackers not to post the data they obtained from the servers.
-
Two hacks in less than 6 months, with the same method, the same address and the same mistakes. I don’t know, but the chance of them coming back again with the same brand name is difficult, and I don’t know why anyone would trust them again.
The best that could happen is to end FixedFloat service, rebuild their system again, and redirect users to the new service.
It's not 6 months, but less than two.
Given that the hack came in the same way, It is clear that the FF team has not discovered all of its shortcomings, and it certainly has not eliminated them all. If they continue to operate with the same software, then doubt should be expressed in their reason and logic.
Regardless of the alternatives, it's a shame to lose this kind of service, obviously it had significant popularity.
-
Two hacks in less than 6 months, with the same method, the same address and the same mistakes. I don’t know, but the chance of them coming back again with the same brand name is difficult, and I don’t know why anyone would trust them again.
The best that could happen is to end FixedFloat service, rebuild their system again, and redirect users to the new service.
I don't think they are going to quit and shut down their service now, but they need to change how it works and remove all third parties connected with them.
If I understood their statement correctly they claimed that latest hack was connected with one of the partners they work with.
Anyway, they are looking like amateurs now :P
-
Shoot that hurts, truly sad and upsetting, to be honest. I can't imagine being one of the FixedFloat team members, especially not one of their security personnel. It seems to me that the hackers have identified the platform's security weaknesses, or they might even know about their team members or have an insider who works beside the hackers.
It's hard to understand how two such incidents could happen in a very short period of time. Also the platform going back to work after the first hack should have ensured that no form of hacking could breach them once again no matter its type. However, I doubt they will manage to remain in the market much longer, as everyone is now will be afraid of not being able to get their exchanged assets with them.
-
That's the only thing that worries the exchanges: sometimes when hackers get in, what about the users they robbed who are just using their platform that is trusted to enter their money? Can they resolve that immediately?
Although I'm not familiar with the exchange, I don't use it either. There are other exchanges that have been tried and tested, like Binance, that still maintain the trust of their users even if they take the risk of donating their users who have been robbed by a hacker. funds.
Yup, same here. I haven't heard about the exchange this is my first time I have ever heard about it. I think is best I make a post on what to look into on exchanges before using them. At least an exchange should have a Cold wallet and high security for things like thos and most importantly, monthly update on protection fund . At least bitget and Binance are doing great in this aspect
-
April 1 isn't the best day for this to happen. They didn't announce losses in the second hack so it's possible they're learning about the hackers techniques. The hackers assume FixedFloat's an easy target so they'll keep doing it.
FixedFloat hack happened again on April 1 and this is not a joke :P
It happened by the same people and they lost money again.
-
April 1 isn't the best day for this to happen. They didn't announce losses in the second hack so it's possible they're learning about the hackers techniques. The hackers assume FixedFloat's an easy target so they'll keep doing it.
this time loss is about $ 3 Million, as the service stopped which means that the hackers have left some back doors and perhaps they need to be written instead of trying to fix bugs caused by the last hacker process.
-
That's crazy to see that they've been hacked, and again. These hackers will definitely drain, I've seen that they just start to get into their recovery going back to service but it seems that these hacks don't want to see them in business. It took a lot of years for fixedfloat to establish themselves and now, they're on this situation. Truly bad situation it is.