FixedFloat Hit Again in $2.8M Breach

The team behind the FixedFloat project has disclosed details of a second security breach of their platform, orchestrated by the same cybercriminals responsible for the February attack.

On April 1st, malefactors exploited a vulnerability in FixedFloat’s security system, absconding with $2.8 million. The developers have clarified that the theft solely affected funds designated for the platform’s operational liquidity, leaving user assets untouched.

Confirmation of the breach was provided by analysts at Cyvers, who flagged a suspicious transaction emanating from FixedFloat’s hot wallet. The cybercriminals transferred a total of $2.8 million in cryptocurrencies—Tether (USDT), Wrapped Ethereum (WETH), Dai (DAI), and USD Coin (USDC)—to a dubious wallet. Subsequently, the hackers converted the stolen assets to Ethereum (ETH) through a decentralized exchange (DEX) and transferred the entire sum to the eXch platform.

Following the transactions, the compromised FixedFloat hot wallet ceased operation, and the cryptocurrency exchange’s website was temporarily taken offline for maintenance. This incident followed a previous attack on February 16th, when FixedFloat suffered a loss of $26 million due to another security system vulnerability. In response to that incident, the exchange’s website was also placed in maintenance mode.