The decentralized exchange FixedFloat fell victim to an exploit resulting in the loss of nearly $26 million worth of Bitcoin and Ethereum. The breach was confirmed by the FixedFloat team on Feb. 18 following reports from blockchain analysts detecting suspicious movements of crypto assets.
In response to inquiries regarding the exploit, the FixedFloat team acknowledged the hack and theft of funds but refrained from providing further details. They stated that they are actively working to address vulnerabilities, enhance security measures, and conduct a thorough investigation into the incident.
As of early Feb. 19, there were no additional updates from the FixedFloat team, and the FixedFloat website was inaccessible, displaying a message indicating technical maintenance.
Blockchain security firm PeckShield reported on Feb. 19 that approximately 1,728 ETH valued at around $4.85 million and 409 BTC worth approximately $21 million were stolen in the attack. The majority of the stolen Ethereum has already been transferred to the eXch exchange by the hacker.
FixedFloat, which operates as a crypto exchange powered by the Bitcoin Lightning network, operates with a fully automated model, enabling crypto swaps without the need for user registration or know-your-customer (KYC) verification.
Further investigation by web3 threat researcher ‘Officer’s Notes’ revealed that the perpetrator transferred stolen funds not only to eXch but also to HitBTC. This action may be an attempt to obscure the trail of the stolen assets.
FixedFloat is often utilized as a coin mixer due to its anonymous nature, allowing users to obfuscate transaction trails effectively.
The exploit on FixedFloat adds to the list of recent crypto hacks and exploits recorded in February. PlayDapp lost $32 million in an access control exploit on Feb. 9, followed by Duelbits suffering a similar exploit resulting in a $4.6 million loss on Feb. 13.