Crypto futures and options exchange Deribit fell victim to a security breach on Tuesday, with hackers making off with $28 million from the exchange’s hot wallet.
Panama-based crypto exchange Deribit is the latest to fall victim to an onslaught of hacks and was forced to halt withdrawals after attackers made off with $28 million in Bitcoin, Ether, and Circle’s USDC. In a statement on Twitter, Deribit said that their hot wallet got hacked, but assured that client assets and cold storage addresses were not affected. Although almost $28 million was stolen, Deribit said that “the hack is isolated to their BTC, ETH, and USDC hot wallets.” According to reports by Decrypt, the hacker made off with 691 BTC and 9,111.59 ETH, with USDC stolen being quickly converted to Ethereum. As it stands, the funds are held in two wallets across Bitcoin and Ethereum and have not been moved to any mixer of laundering service.
Deribit hot wallet compromised, but client funds are safe and loss is covered by company reservesOur hot wallet was hacked for USD 28m earlier this evening just before midnight UTC on 1 November 2022.
— Deribit (@DeribitExchange) November 2, 2022
The company took to Twitter to assure users that they’re still in a “financially sound position” and that its reserves cover the loss without affecting the insurance fund. Since the attack, Deribit has halted withdrawals from the exchange and stated that “they are performing ongoing security checks.” The firm also advised against depositing more funds, saying that the “Deposits already sent will still be processed and after the required number of confirmations, they will be credited to accounts.”
A spokesperson for Deribit told Cointelegraph that the company aims to resume withdrawals as soon as possible and is now checking “all security measures.” Deribit added that it is working on a full incident review to provide more details about the vulnerability that may have resulted in the issue. The representative also said that the hack was the first time that the firm experienced such an attack and losses since its launch in 2016.
Disclaimer: This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.