$28 million stolen from cryptocurrency platform Deribit

Stolen cryptocurrency platform Deribit

Stolen cryptocurrency platform Deribit

Cryptocurrency derivatives platform Deribit on Tuesday said a hacker stole $28 million from the company, forcing it to halt withdrawals as it investigates the incident.

Deribit is a cryptocurrency futures and options exchange based in Panama City that allows customers to trade perpetual, futures, and options contracts.

The company said the losses will be paid through its reserves and noted that 99% of user funds are held in “cold storage” to protect against this kind of attack. Hot wallets for cryptocurrency are ones connected to the internet through a phone or computer while cold wallets are assets held in hardware devices offline. 

Phishing Campaigns Target KFC, McDonald’s in Saudi Arabia, UAE, Singapore

Deribit hot wallet compromised, but client funds are safe and loss is covered by company reserves

Our hot wallet was hacked for USD 28m earlier this evening just before midnight UTC on 1 November 2022.

“The hack is isolated & quarantined to our BTC, ETH and USDC hot wallets,” the company said. “Deribit remains in a financially sound position and ongoing operations will not be impacted.”

The company did not respond to requests for comment about how the hack occurred and whether they are in communication with the hacker. On Twitter, Deribit shared a link to the location of the stolen funds. 

Blockchain security company PeckShield explained that the hack involved the theft of about 9,080 ETH – worth about $14.2 million – and about 691 BTC worth another $14.1 million. 

A Deribit spokesperson said it is planning to reopen withdrawals at some point on Wednesday. But when this happens, all Deribit deposit addresses for BTC, ETH and USDC will have to be re-generated.

“In the front end you will see your previous address(es) have been removed. As of the moment of re-opening wallets, we will not support deposits on old deposit addresses anymore,” the spokesperson said. “All users need to create a new deposit address. Withdrawals via third-party custodians Copper Clearloop and Cobo have just been re-enabled.”

Bill Callahan, a retired U.S. DEA special agent in charge who now works for the Blockchain Intelligence Group, told The Record that the stolen funds have all been moved to new addresses.

The situation highlighted the problem with hot wallets, he said, because they aren’t typically as well protected as cold wallets.

“Cold wallets should ideally hold the majority of a company’s and user’s funds and reserves, as they are highly secure as compared to hot wallets that are more vulnerable to phishing attacks and hacking,” he said.

According to Peckshield, October was a particularly difficult month for crypto platforms, with 53 protocols dealing with about $760.2 million in losses. 


Stolen cryptocurrency platform Deribit

Leave a Reply

Your email address will not be published. Required fields are marked *

Related Posts