FixedFloat, a decentralized exchange (DEX), has confirmed a security breach on its platform over the weekend.
Responding to inquiries from the crypto community on Feb. 18 via X, the project acknowledged the hack and subsequent theft of funds. However, specific details regarding the incident or the exact amount stolen were not disclosed by the team.
Hello,
We confirm that there was indeed a hack and theft of funds. We are not yet ready to make public comments on this matter, as we are working to eliminate all possible vulnerabilities, improve security, and investigate. Our service will be available again soon.
We will…
— FixedFloat⚡️ (@FixedFloat) February 18, 2024
As of now, the exchange website is inaccessible and displays an error message due to maintenance.
FixedFloat operates as a non-custodial exchange, allowing automated cryptocurrency exchanges without requiring users to register or undergo Know Your Customer (KYC) verifications. Additionally, the platform supports the Bitcoin Lightning Network.
On-chain data reveals that the stolen funds from the platform total $26 million in digital assets, comprising 1,728 ETH valued at approximately $4.85 million and 409 BTC with a value of $21 million.
According to blockchain security firm PeckShield, the majority of the stolen ETH funds have been transferred to the Ethereum crypto mixer eXch.
#PeckShieldAlert #FixedFloat was hacked, resulting in ~1,728 $ETH (worth ~$4.85m) and & 409 $BTC (worth ~$21m) stolen. The drainer already transferred most of the stolen $ETH to #eXch on #Ethereum pic.twitter.com/IZKbCclH8v
— PeckShieldAlert (@PeckShieldAlert) February 19, 2024
The attacker has dispersed the stolen 409 BTC to various addresses, as reported by Beosin Alert.
🚨@FixedFloat was exploited for ~$26.1M (409 $BTC and 1,728 $ETH).
On Ethereum, the attacker 0x85c4fF99bF0eCb24e02921b0D4b5d336523Fa085 sent the stolen 1,728 $ETH to multiple addresses, then to Exch exchange.
The stolen 409 $BTC was dispersed to multiple addresses by attacker… pic.twitter.com/2usl0kwG5v
— Beosin Alert (@BeosinAlert) February 18, 2024
On-chain investigators have uncovered that a portion of the stolen funds, specifically 166.1 BTC, was sent to Samourai Wallet to utilize Coinjoin transactions, aiming to obscure the transaction trails.
Part of the stolen funds(166.1 BTC) on Bitcoin were sent to Samourai Wallet to use Coinjoin transactions. pic.twitter.com/pro8m9WNXg
— Evgenii| BLIN Analytics (@CryptoEvgen) February 18, 2024
