[TheRecord] Japanese crypto-exchange Liquid hacked for $94 million

Tokyo-based cryptocurrency exchange Liquid said that hackers breached its servers and stole crypto-assets estimated to be worth at least $94 million at today’s exchange rates.

“We are currently investigating and will provide regular updates. In the meantime deposits and withdrawals will be suspended,” the company said in a tweet earlier today.

Liquid said the incident took place after hackers took control over its “warm” wallets, which are cryptocurrency accounts where exchange platforms keep funds for daily transactions.

As a response to the security breach, Liquid said it’s moving the rest of its funds into cold wallets (offline accounts) as the company moves to kick the hackers off its internal network.

In the meantime, the company has published a series of four tweets[1234] containing cryptocurrency addresses where the hackers had exfiltrated its funds.

Stolen funds estimated at just over $94 million

Blockchain analysis firm Elliptic said these accounts contained just over $94 million in crypto-assets, a sum estimated at exchange rates just before the prices of various currencies started to drop as news of the hack started to spread.

“This includes $45 million in Ethereum tokens, which are currently being converted into Ether using decentralised exchanges (DEXs) such as Uniswap and SushiSwap,” the company added. “This enables the hacker to avoid having these assets frozen – as is possible with many Ethereum tokens.”

Image: Elliptic

Before the hack, Liquid was ranked #19 on the CoinMarketCap cryptocurrency exchange list.

Liquid was also hacked in November 2020

Today’s breach is Liquid’s second major security incident. In November 2020, a threat actor social-engineered Liquid’s DNS provider and gained control over the exchange’s DNS infrastructure.

The hacker used this access to phish Liquid employees for their work credentials and pivoted to the company’s internal network. While the intruder managed to collect personal data for some Liquid customers, no funds were stolen in the 2020 incident.

News of today’s breach also comes a week after a hacker breached and stole more than $611 million worth of cryptocurrency assets from Poly Network. The hacker eventually returned the funds after the cryptocurrency exchange begged for the funds back on Twitter and also agreed to pay a $500,000 bounty reward for disclosing the vulnerability used in the attack.

The post Japanese crypto-exchange Liquid hacked for $94 million appeared first on The Record by Recorded Future.

Source: Read More (The Record by Recorded Future)

You might be interested in …

[NCSC-NL] Vulnerability in Apache Log4j patch version 2.15

All posts, NCSC-NL

Today, a Denial-of-Service (DoS) vulnerability (CVE-2021-45046) was found in the Log4j patch version 2.15. The (remote) code execution vulnerability, which the National Cyber Security Centre (NCSC) discussed in its security advisory NCSC-2021-1052 (in Dutch), has been resolved in both version 2.15 and version 2.16 of Log4j, according to Apache. The NCSC has no information that […]

Read More

[BleepingComputer] SteelSeries software makes you Windows 10 admin with or without a real device

The official app for installing SteelSeries devices on Windows 10 can be exploited to obtain administrator rights, a security researcher has found. […] Source: Read More (BleepingComputer)

Read More

[TheRecord] Apple releases patches for NSO Group’s ForcedEntry zero-day

Apple has released security updates today to patch ForcedEntry, a professional exploit developed by Israeli spyware maker NSO Group, and which has been abused to hack into the phones of multiple activists since February this year. Patches are available today for macOS, iOS, iPadOS, and watchOS. Tracked as CVE-2021-30860, the ForcedEntry zero-day exploits a bug in CoreGraphics, an Apple component […]

Read More

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.