The Japanese cryptocurrency exchange said it was moving its assets into a cold wallet
A hacker stole more than $90 million from Japanese cryptocurrency exchange Liquid on Aug. 18.
In a series of tweets at 6:42 a.m. UTC on Aug. 19, the Liquid Global Official Twitter account detailed six ether wallets and one bitcoin, one XRP, and one tron wallet that had received $90.6 million in looted funds, the majority of it in ether and 68 separate Ethereum ERC-20 tokens.
That is far from the largest hack this month, but it is the worst. Cross-chain protocol Poly Network lost a staggering $612 million in a hack on August 10, but the hacker — dubbed Mr. White Hat — promptly returned the vast majority of the stolen crypto in dribs and drabs over several days (with a little more to come), saying he did it “for fun” and “always” planned to return the funds. Poly Network, for its part, promised no prosecution and offered a $500,000 bug bounty for the hacker, and a position as chief security advisor.
Liquid announced the attack in a brief tweet at 2:05 a.m. UTC.
It read:
“Important Notice: We are sorry to announce that #LiquidGlobal warm wallets were compromised, we are moving assets into the cold wallet. We are currently investigating and will provide regular updates. In the meantime deposits and withdrawals will be suspended.”
As of 9 a.m. UTC, no additional news had been posted on Liquid’s Twitter account or its blog.
Warm wallets are fairly similar to hot wallets in that they are connected to the internet, and thus vulnerable to hackers.
Exchanges tend to use warm wallets as an intermediate step between hot wallets funded for user withdrawals and cold wallets which are “air-gapped” — fully offline, and thus impervious to Internet-based thieves.
A warm wallet tends to hold a few days worth of funds, and requires human approval of each transaction sending funds back and forth to the hot and cold wallets. That suggests the Liquid hacker breached its warm wallet passwords.
Past Problems
Liquid was hacked in November 2020, but by a different kind of attack. No funds were reported stolen, but Liquid CEO Mike Kayamori said in a blog post that users’ personal information was taken after a hacker got Liquid’s domain hosting provider, GoDaddy, to wrongly transfer control of one of the exchange’s core domains.
“This gave the actor the ability to change DNS records and in turn, take control of a number of internal email accounts,” Kayamori wrote. In due course, the malicious actor was able to partially compromise our infrastructure, and gain access to document storage.”
The attacker made off with data like users’ email, name, address, encrypted passwords and API keys — and possibly some anti-money laundering customer data like images of government-issued ID, selfies and proof of address — leading Kayamori to recommend customers change passwords and two-factor authentication (2FA) credentials, and be on the lookout for phishing attacks.
These are the addresses to which the Aug. 19 hacker sent Liquid’s funds:
BTC $4.8 million
https://blockstream.info/address/1Fx1bhbCwp5LU2gHxfRNiSHi1QSHwZLf7q
ETH $44.6 million + $24 million in 68 ERC-20 tokens
https://etherscan.io/address/0x5578840aae68682a9779623fa9e8714802b59946
ETH $1.6 million
https://etherscan.io/address/0xefb33ccafc98d5fdb27a6f5ff17350ca76bf3b53
ETH $188,212
https://etherscan.io/address/0x6b175474e89094c44da98b954eedeac495271d0f
ETH $158,495
https://etherscan.io/address/0x8762db106b2c2a0bccb3a80d1ed41273552616e8
ETH $44,741
https://etherscan.io/address/0xa0b86991c6218b36c1d19d4a2e9eb0ce3606eb48
ETH $26,463
https://etherscan.io/address/0xca0e7269600d353f70b14ad118a49575455c0f2f
XRP $13 million
https://xrpscan.com/account/rfapBqj7rUkGju7oHTwBwhEyXgwkEM4yby
TRX $1.7 million
https://tronscan.org/#/address/TSpcue3bDfZNTP1CutrRrDxRPeEvWhuXbp/transfers
Stolen funds and cyber hacks are not new stories in the crypto space. In fact, one of the earliest and most infamous crypto heist occured in late 2011 — the hacking of the Mt. Gox Bitcoin exchange. Check out our list of the largest crypto hacks in history and how it had impacted the exchanges.
