IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

Liquid cryptocurrency exchange loses $97 million after hack

Amount lost includes $45 million in Ethereum tokens

Following a hacker raid on its systems, Japanese cryptocurrency exchange Liquid lost $97 million in crypto assets.

In a tweet, the firm said that its hot wallets were compromised, and it is moving assets into cold wallets. "We are currently investigating and will provide regular updates. In the meantime, deposits and withdrawals will be suspended,” the firm said.

It added in a follow-up tweet that it had found four blockchain addresses, in Bitcoin, Ethereum, Tron, and XRP, associated with the hacker.

According to Elliptic's analysis, the thief’s accounts have received just over $97 million in crypto assets. The amount includes $45 million in Ethereum tokens, which the hacker is converting to Ether using decentralized exchanges (DEXs), such as Uniswap and SushiSwap. 

“This enables the hacker to avoid having these assets frozen - as is possible with many Ethereum tokens,” the firm said.

James McQuiggan, security awareness advocate at KnowBe4, told ITPro that criminals continue to target systems and networks where the money is stored. If it is digital, it can be hacked. 

“Unfortunately, with another cryptocurrency exchange successfully attacked for the second time this week, this can only be a sign of things on the horizon for these exchange companies,” he said.

“Users of cryptocurrency want to ensure not to put all of their funds into one type of currency and, for more significant amounts, keep them in an offline or cold wallet to prevent theft via the exchanges. While this might seem like keeping your cash funds in the mattress at home instead of the bank, there are currently no Federal Deposit Insurance agencies to protect against your crypto funds and the exchange organizations."

Antti Tuomi, principal security consultant at F-Secure, told ITPro that from an attacker's point of view, cryptocurrency exchanges are a very appealing target since a successful breach net them a lot of capital from the users. Plus, compared to normal currency and banks, mechanisms for preventing fraud or tracing or stopping crypto transactions are either not in place or not possible to implement at the same level.

“Regardless of the exchange in question, online wallets will always be at a risk; at the same time, switching to true cold wallets that are not connected to the online system other than when authorized by the wallet owner, is very difficult to achieve with an online service without compromising on the "always-online" principle while relying on technology alone. Regardless of the cryptocurrency in question or the exchange or its geographical location, the risk with online systems and always-online wallets will always be present,” Tuomi said.

Featured Resources

Accelerating AI modernisation with data infrastructure

Generate business value from your AI initiatives

Free Download

Recommendations for managing AI risks

Integrate your external AI tool findings into your broader security programs

Free Download

Modernise your legacy databases in the cloud

An introduction to cloud databases

Free Download

Powering through to innovation

IT agility drive digital transformation

Free Download

Recommended

LockBit 2.0 ransomware disguised as PDFs distributed in email attacks
Security

LockBit 2.0 ransomware disguised as PDFs distributed in email attacks

27 Jun 2022
What is cryptocurrency mining?
cryptocurrencies

What is cryptocurrency mining?

27 May 2022
IMF urges El Salvador to remove Bitcoin as legal tender
cryptocurrencies

IMF urges El Salvador to remove Bitcoin as legal tender

26 Jan 2022
El Salvador announces plans to build a 'Bitcoin city' at the foot of a volcano
cryptocurrencies

El Salvador announces plans to build a 'Bitcoin city' at the foot of a volcano

22 Nov 2021

Most Popular

Actively exploited server backdoor remains undetected in most organisations' networks
cyber attacks

Actively exploited server backdoor remains undetected in most organisations' networks

1 Jul 2022
Macmillan Publishers hit by apparent cyber attack as systems are forced offline
Security

Macmillan Publishers hit by apparent cyber attack as systems are forced offline

30 Jun 2022
Former Uber security chief to face fraud charges over hack coverup
data breaches

Former Uber security chief to face fraud charges over hack coverup

29 Jun 2022