FixedFloat reportedly suffers $2.8 million theft, Tether freezes $400,000 from attackers
This is the second attack on the FixedFloat platform in two months, after losing over $26 million previously.
Decentralized exchange FixedFloat’s Ethereum-based hot wallet saw several suspicious transactions that led to the withdrawals of $2.8 million during the past day, according to the Web3 security firm Cyvers.
Following the news, stablecoin issuer Tether blocklisted ten addresses involved in these withdrawals, effectively freezing about $400,000 worth of USDT tokens, according to blockchain security firm Peckshield.
FixedFloat’s ‘suspicious’ transactions
According to Cyvers:
“Approximately 14 hours ago, a staggering $2.8 million was withdrawn from [FixedFloat] hot wallet on the ETH chain. The funds were directed to a suspicious address, which subsequently received various digital assets including ETH, USDT, WETH, DAI, and USDC.”
Subsequently, the assets were swapped into Ethereum via a decentralized exchange (DEX) before being transferred to eXch exchange. Following these transactions, the hot wallet ceased functioning, prompting the exchange’s website to enter maintenance mode.
Meanwhile, the exchange has yet to comment publicly on these transactions. However, its website’s initiation of maintenance mode echoes the response observed following a previous security incident in February.
The exchange lost $26 million to an access control issue at the time, forcing it to transition its domain from fixedfloat.com to ff.io. The team said:
“A short domain name not only reduces the risk of encountering phishing attacks, but also makes it easier for all users to access our service.”
Tether freezes criminal addresses
USDT issuer Tether has proactively frozen the addresses of these suspicious transactions on FixedFloat.
Tether has yet to respond to CryptoSlate’s request for comment as of press time.
Over the past year, the stablecoin company has increased its crackdown on addresses linked to illicit activities. Notably, the firm proactively froze the hacker’s address, which exploited Ledger’s Connect Kit library.
The firm has also collaborated with several regulatory agencies worldwide to recover stolen funds from fraudsters and malicious actors.
However, despite these efforts, there are allegations that these hostile players increasingly favored the USDT stablecoin.