Decentralized crypto exchange FixedFloat has been exploited for at least $26 million worth of Bitcoin and Ether, according to on-chain data. 

The exchange team confirmed the attack a few hours after it was first reported on X (formerly Twitter). The team initially attributed the massive outflows to “minor technical problems” and switched its services to maintenance mode.

Since Feb. 17, a number of users have reported frozen transactions and missing funds on the exchange’s X page. On-chain data shows that more than 400 Bitcoin ( BTC ) worth around $21 million and over 1,700 Ether ( ETH ) worth nearly $5 million were drained on Feb. 18.

There is no clear indication of how the attack was carried out. The exchange team is reportedly investigating the security incident:

“We confirm that there was indeed a hack and theft of funds. We are not yet ready to make public comments on this matter, as we are working to eliminate all possible vulnerabilities, improve security, and investigate. Our service will be available again soon. We will provide details on this case a little later.”

In addition, the exchange's website is currently showing an error message on all pages. 

FixedFloat confirms $26M exploit in Bitcoin, Ether image 0 All pages of the FixedFloat website currently display an error message. Source: FixedFloat.

FixedFloat is an automated crypto exchange that does not require users’ registration or Know Your Customer (KYC) verifications. According to data from SEMrush, around 26% of its web traffic comes from users in the United States. The exchange integrates with the Lightning Network for Bitcoin transactions.

On-chain cybersecurity is one of the main challenges crypto projects face. The Solana ecosystem, for instance, has been targeted by scam-as-a-service marketplaces offering drainers that can perform bit-flip attacks.

Chainalysis also flagged the return of ransomware payments in 2023, specifically targeting high-profile institutions and infrastructure. According to a recent report, criminals made a record $1 billion last year through supply chain attacks, ranging from individuals and small criminal groups to large syndicates.

Magazine: DeFi’s billion-dollar secret: The insiders responsible for hacks