[TheRecord] Japanese crypto-exchange Liquid hacked for $94 million

Tokyo-based cryptocurrency exchange Liquid said that hackers breached its servers and stole crypto-assets estimated to be worth at least $94 million at today’s exchange rates.

“We are currently investigating and will provide regular updates. In the meantime deposits and withdrawals will be suspended,” the company said in a tweet earlier today.

Liquid said the incident took place after hackers took control over its “warm” wallets, which are cryptocurrency accounts where exchange platforms keep funds for daily transactions.

As a response to the security breach, Liquid said it’s moving the rest of its funds into cold wallets (offline accounts) as the company moves to kick the hackers off its internal network.

In the meantime, the company has published a series of four tweets containing the cryptocurrency addresses to which the hackers exfiltrated its funds.

Stolen funds estimated at just over $94 million

Blockchain analysis firm Elliptic said these accounts contained just over $94 million in crypto-assets, a sum estimated at exchange rates just before the prices of various currencies started to drop as news of the hack started to spread.

“This includes $45 million in Ethereum tokens, which are currently being converted into Ether using decentralised exchanges (DEXs) such as Uniswap and SushiSwap,” the company added. “This enables the hacker to avoid having these assets frozen – as is possible with many Ethereum tokens.”

Before the hack, Liquid was ranked #19 on the CoinMarketCap cryptocurrency exchange list.

Liquid was also hacked in November 2020

Today’s breach is Liquid’s second major security incident. In November 2020, a threat actor social-engineered Liquid’s DNS provider and gained control over the exchange’s DNS infrastructure.

The hacker used this access to phish Liquid employees for their work credentials and pivoted to the company’s internal network. While the intruder managed to collect personal data for some Liquid customers, no funds were stolen in the 2020 incident.

News of today’s breach also comes a week after a hacker breached and stole more than $611 million worth of cryptocurrency assets from Poly Network. The hacker eventually returned the funds after the cryptocurrency exchange begged for the funds back on Twitter and also agreed to pay a $500,000 bounty reward for disclosing the vulnerability used in the attack.

The post Japanese crypto-exchange Liquid hacked for $94 million appeared first on The Record by Recorded Future.
