Japanese crypto exchange loses $80 million to security breach

Japanese crypto exchange loses $80 million to security breach

By Harshini Nag - min read

The incident is one of 2021’s largest attacks on a centralised exchange

Liquid Global, one of Japan’s top 10 crypto exchanges by daily traded spot volume, has confirmed that hackers have managed to transfer over $80 million worth of digital assets from the platform in a security breach that compromised the exchange’s hot wallets. The exchange has currently suspended all withdrawals and deposits.

Centralised exchanges like Liquid maintain separate hot and cold wallets. Hot wallets facilitate transactions and are connected to the internet, making them more vulnerable to cyber-attacks. Cold wallets are used for long-term storage of assets and are generally safer as they are not exposed to the web.

While Liquid is yet to reveal the exact amount of funds that were stolen, the exchange has shared the crypto addresses of the hackers. The Ethereum address of the hacker contains assets worth about $69 million, with their Bitcoin wallet holding about 107.42 BTC, currently valued at a little less that $5 million. The wallets have also sent XRP and TRX worth over $10 million to an unknown wallet, making the total stolen funds worth upward of $80 million.

However, the exchange has revealed that the hackers did not manage to steal all the available funds on its hot wallets. The remaining funds are in the process of being transferred to Liquid’s cold wallets for secure storage, the exchange confirmed.

“We are currently tracing the movement of the assets and working with other exchanges to freeze and recover funds,” Liquid said in its latest update 

The incident is one of the largest attacks on centralised exchanges in 2021. Japanese exchange KuCoin responded to the security breach by promptly blacklisting the wallets in question.

With the decentralised finance (DeFi) boom of 2020, cyber attacks in the blockchain world have been concentrated towards DeFi projects and exchanges. The current attack only goes to show that projects in the crypto and blockchain space can never be too careful.

However, this is not the first time Liquid’s infrastructure has come under attack. In November 2020, the exchange reported that its employee’s email accounts and the company’s communication network had been compromised. While no funds were confirmed to have been stolen then, the exchange asked all users to change their passwords and reset the 2FA key.