Tokyo-based cryptocurrency exchange Liquid said hackers breached its servers and stole crypto assets estimated to be worth at least $94 million (610 million yuan) at today’s exchange rates.
“We are currently investigating and will provide regular updates. Deposits and withdrawals will be suspended during this period,” the company revealed in an announcement earlier today.
Liquid said the incident occurred after hackers took control of its “warm” wallets, which are cryptocurrency accounts where trading platforms keep funds for day-to-day transactions. The company said on its Japan page that the breach was traced to Liquid’s Singapore subsidiary, Quoine.
In response to the security breach, Liquid said it was moving the rest of its funds into cold wallets (offline accounts) as the company moved to kick hackers out of its internal network.
During this period, the company published a series of four wallets containing cryptocurrency addresses in which the hackers exfiltrated their funds.
Stolen funds estimated to exceed $94 million
Blockchain analysis firm Elliptic said the accounts contained more than $94 million in crypto assets, a figure estimated at exchange rates before the prices of various currencies began to fall as news of the hack began to spread.
“This includes $45 million worth of ethereum tokens, which are currently being converted into ether using decentralized exchanges (DEXs) such as Uniswap and SushiSwap,” the company added. “This allows hackers to avoid freezing these assets. — like many ethereum tokens.”
Before the hack, Liquid was ranked 19th on CoinMarketCap’s list of cryptocurrency exchanges.
Liquid was previously hacked in November 2020
Today’s breach is Liquid’s second major security incident. In November 2020, attackers socially engineered Liquid’s DNS provider and gained control of the exchange’s DNS infrastructure.
Hackers used this access to phish Liquid employees’ work credentials and diverted to the company’s internal network. While the intruders managed to collect personal data for some Liquid customers, no funds were stolen during the 2020 incident.
The largest cryptocurrency heist in history: 3.95 billion, some returned
News of today’s breach also comes a week after a hacker hacked and stole over $611 million worth of crypto assets from the Poly Network. The hackers eventually returned the funds after the cryptocurrency exchange begged for funds on Twitter and agreed to pay a $500,000 bounty for disclosing the vulnerability used in the attack.