The FixedFloat project team has revealed that malicious actors responsible for the February attack have once again targeted and successfully breached the platform.
According to developers, on April 1st, hackers exploited a vulnerability in the FixedFloat security system, resulting in the loss of $2.8 million. They clarified that the losses only impacted the platform’s operational liquidity funds and did not affect users.
On April 1, we were again attacked by the attackers who were behind the February 16 hack. The attackers did not stop there and continued to use various methods to try to hack our service again. Thanks to the enormous work done to improve the security of our infrastructure, we…
— FixedFloat⚡️ (@FixedFloat) April 2, 2024
The breach was confirmed by analysts at Cyvers, who noticed a suspicious transaction from FixedFloat’s hot wallet. The hackers transferred a total of $2.8 million in Tether (USDT), Wrapped Ethereum (WETH), Dai (DAI), and USD Coin (USDC) to a dubious address. Subsequently, they converted the stolen assets into Ethereum (ETH) via a decentralized exchange (DEX) and withdrew the entire amount to the eXch platform.
🚨ALERT🚨Our system has detected some suspicious transactions with @FixedFloat!
Approximately 14 hours ago, a staggering $2.8M was withdrawn from their hot wallet on the $ETH chain. The funds were directed to a suspicious address, which subsequently received various digital… pic.twitter.com/F671oKR5N6
— 🚨 Cyvers Alerts 🚨 (@CyversAlerts) April 2, 2024
Following these transactions, the compromised hot wallet of FixedFloat ceased operations. The cryptocurrency exchange’s website was subsequently taken offline for maintenance.
FixedFloat was first hacked on February 16th, resulting in a loss of $26 million. During that incident, hackers also exploited a security vulnerability in the platform’s system. Upon discovering the attack, developers also placed the exchange’s website under maintenance.
Last week, the Prisma Finance protocol fell victim to a hacker attack. Malicious actors deployed a malicious contract, causing the platform to lose $11 million.
In total, cryptocurrency projects lost $336.3 million in the first quarter, as calculated by analysts at Immunefi. Compared to the same period last year, the amount of damage caused by cybercriminals decreased by 23%. In addition to FixedFloat, the largest losses were incurred by Orbit and Munchables.