- EXMO has released new details about yesterday’s attack.
- The exchange believes that a hacker accessed its Bitcoin private keys, but has not discovered a precise line of attack.
- Most of the exchange’s funds appear to be safe.
EXMO has shared an internal investigation document describing details about a recent hack that targeted its cryptocurrency exchange.
Details of the Attack
On Dec. 21, EXMO lost approximately $10 million to a security breach. EXMO believes the hacker acquired private keys, and the exchange is currently investigating how that may have happened.
Of the $10 million lost, over $6 million was stolen as Bitcoin. That amount is being held in a single wallet. Only six of the 57 cryptocurrencies that EXMO supports were affected by the breach, as the exchange stores wallet details for each on a separate server.
User data was not compromised: EXMO has a separate server infrastructure for individual crypto wallets and other data. However, speaking to Crypto Briefing, the exchange was unable to confirm whether any users lost funds as a result of the hack.
In response to the attack, EXMO has suspended withdrawals and deposits pending further investigation.
Improvements on the Way
EXMO has also traced stolen XRP and Ethereum to Poloniex and contacted that exchange. It additionally reached out to CipherTrace, Chainalysis, and Crystal in order to trace and flag addresses connected to stolen funds, which will prevent the attacker from cashing out funds on exchanges.
EXMO COO Sergey Zhdanov stated “the compromised amount is near 6% of the total assets of the company” and that he does not believe it will be an ongoing concern for EXMO. The exchange aims to set up new servers and wallets for the affected cryptocurrencies in the next 1 to 2 days and resume deposits.
Moving forward, EXMO intends to set third party custody providers to hot wallets, reduce the amount of crypto stored on hot wallets to 4-7%, and hire an experienced Chief Security Officer and staff.
EXMO is one of many cryptocurrency firms and projects that have recently experienced attacks. Hardware wallet manufacturer Ledger leaked user data this summer, while crypto exchange Kucoin lost $150 million after its keys were stolen. Meanwhile, several DeFi platforms have also faced attacks.
At the time of writing, the author of this article owned BTC.
Update: EXMO plans to resume deposits and withdrawals on Dec. 24.
The information on or accessed through this website is obtained from independent sources we believe to be accurate and reliable, but Decentral Media, Inc. makes no representation or warranty as to the timeliness, completeness, or accuracy of any information on or accessed through this website. Decentral Media, Inc. is not an investment advisor. We do not give personalized investment advice or other financial advice. The information on this website is subject to change without notice. Some or all of the information on this website may become outdated, or it may be or become incomplete or inaccurate. We may, but are not obligated to, update any outdated, incomplete, or inaccurate information.
You should never make an investment decision on an ICO, IEO, or other investment based on the information on this website, and you should never interpret or otherwise rely on any of the information on this website as investment advice. We strongly recommend that you consult a licensed investment advisor or other qualified financial professional if you are seeking investment advice on an ICO, IEO, or other investment. We do not accept compensation in any form for analyzing or reporting on any ICO, IEO, cryptocurrency, currency, tokenized sales, securities, or commodities.
See full terms and conditions.
Source: Read Full Article