Leading cryptocurrency exchange hacked of nearly $100 million

In Opinions

Amer Owaida, Security Writer at ESET explains that Japanese cryptocurrency exchange Liquid suspends cryptocurrency deposits and withdrawals and moves its assets into cold storage after it was hacked

Japanese cryptocurrency exchange platform Liquid has fallen victim to enterprising hackers who compromised its warm wallets and made off with more than US$97 million in various cryptocurrency assets.

“At roughly 7:50 AM SGT on August 19th, Liquid’s Operations and Technology teams detected unauthorized access of some of the crypto wallets managed at Liquid,” reads the company’s incident report.

The company said on Twitter that the attackers compromised its so-called warm wallet, so for the time being it moved its cryptocurrencies and assets into a cold wallet. In the meantime, Liquid suspended all cryptocurrency deposits and withdrawals, while it investigates the incident, and assesses the impact of the attack. However, users will still have access to fiat withdrawals and deposits, as well as the platform’s other services.

To clarify, hot wallets are cryptocurrency wallets are that are connected to the internet and facilitate basic transactions. Warm wallets are very much like hot wallets, except that they rely on locally installed software and have improved security and identity verification controls. Meanwhile, cold wallets are offline and often hardware-based wallets and are by far the safest option. Cryptocurrency owners are generally best off keeping most of their investments in a cold wallet and only store a small part of their cryptocurrency holdings in a hot wallet for daily transactions.

The culprit or culprits behind the attack haven’t been identified yet; however, according to Liquid’s blog (in Japanese), the attack vector could be traced back to a compromised wallet used by its Singaporean subsidiary QUOINE. In total, the Japanese exchange platform estimates that 69 various cryptocurrency assets were misappropriated and forwarded to other exchanges or DeFi swapping venues.

According to an analysis by blockchain analytics firm Elliptic, the hackers were able to pilfer more than US$97 million in various cryptocurrency assets.

“This includes $45 million in Ethereum tokens, which are currently being converted into Ether using decentralised exchanges (DEXs) such as Uniswap and SushiSwap. This enables the hacker to avoid having these assets frozen – as is possible with many Ethereum tokens,” Elliptic added.

A perennial problem
Cryptocurrency exchange platforms aren’t strangers to being attacked by cybercriminals in the hopes of making a huge payday. This most recent hack comes hot on the heels of another major breach where hackers were able to steal more than US$600 million in cryptocurrency from the Poly Network decentralized finance platform. In an unexpected turn of events, the hackers later returned almost the entire loot.

Comments

You may also read!

Sophos present at GITEX with its latest cybersecurity innovations

Sophos today announced its participation at GITEX starting today, where it will be showcasing its newest cybersecurity innovations, including

Read More...

AmiViz to present BlackBerry Cyber Suite solutions at GITEX

At this year, BlackBerry has partnered with AmiViz, the Middle East region’s first enterprise B2B marketplace for the weeklong

Read More...

AmiViz delivers value from its four pillars of success

The Middle East region’s first enterprise B2B marketplace, AmiViz today announced that during development of its platform, the company

Read More...

Join Our Newsletter!

Love SecurityMEA? We love to tell you about our new stuff. Subscribe to newsletter!

Mobile Sliding Menu