FixedFloat April Fools Day Exploit
FixedFloat is a non-custodial cryptocurrency exchange platform that offers fast, secure, and anonymous transactions without requiring user registration. Users can swap various cryptocurrencies at fixed rates, benefitting from instant transactions and advanced security measures. On April 1, 2024, the platform experienced a second attack by hackers who exploited a vulnerability in a third-party service used by FixedFloat. A significant amount of funds was withdrawn from FixedFloat's hot wallet on the Ethereum chain and redirected to a suspicious address, prompting the platform to undergo maintenance. Despite the attack, user funds were not affected, as FixedFloat does not act as a custodial service. The incident is currently under investigation, with details yet to be disclosed.
This is a global/international case not involving a specific country.[1][2][3][4][5][6][7][8][9][10][11][12][13][14][15][16][17][18][19][20][21][22]
About FixedFloat
"FixedFloat is a cryptocurrency exchange platform that provides users with the ability to swap or exchange one cryptocurrency for another. It aims to offer fast, secure, and anonymous transactions without the need for user registration or personal information.
FixedFloat facilitates instant cryptocurrency swaps, allowing users to exchange one cryptocurrency for another at a fixed rate. It supports a wide range of cryptocurrencies, including popular options like Bitcoin (BTC), Ethereum (ETH), Litecoin (LTC), and many others.
One of the notable features of FixedFloat is its non-custodial nature. This means that the platform does not hold user funds. Instead, it connects users with third-party liquidity providers to execute the swaps directly. This can enhance security and privacy, as users retain control over their funds throughout the transaction.
FixedFloat offers a range of instant and unique features that set it apart from other exchanges. For instance, users can quickly and easily exchange a wide variety of virtual assets without having to worry about complicated trading procedures or high fees. Moreover, the platform uses advanced security measures to ensure the safety and privacy of user data at all times, making it one of the most secure exchanges available.
FixedFloat represents a new and exciting chapter in the evolution of virtual asset trading. By leveraging the power of cutting-edge technology and innovative business models, FixedFloat has created a platform that is both easy to use and highly effective, providing traders with a range of unique features and capabilities that are simply not available elsewhere. Whether you are a seasoned trader or a newcomer to the world of virtual asset trading, FixedFloat is sure to offer something of value to you. So why not give it a try today and see for yourself what all the fuss is about?"
"The exchange was founded in 2018 by a group of blockchain-experienced enthusiasts who have demonstrated a keen interest in the convergence of network technology, finance, and business. With its cutting-edge platform and unique approach to virtual asset trading, FixedFloat has quickly earned a reputation as one of the most innovative and user-friendly exchanges on the market today."
"Cryptocurrencies open new opportunities for achieving financial freedom. The bigger the user base, the greater the competitive advantages that emerging distributed ledger technologies provide. FixedFloat gives you the tools to make full use of your digital assets through an easy and accessible exchange platform."
"On April 1, we were again attacked by the attackers who were behind the February 16 hack. The attackers did not stop there and continued to use various methods to try to hack our service again. Thanks to the enormous work done to improve the security of our infrastructure, we were able to successfully repel their attacks and continue to work.
However, despite all our efforts, unfortunately, hackers managed to discover a vulnerability of a third party whose services we use. Although such third-party attacks are beyond our control, we take all necessary measures to strengthen the security of our service and will work to prevent similar incidents in the future.
We would like to emphasize that financial losses affected only our service; hackers stole funds to ensure the liquidity of the service, that is, the company’s funds and user funds were not affected. We also want to emphasize that FixedFloat does not perform the functions of a custodial service, that is, it does not store user funds.
We are currently in the process of an active investigation. Details of the incident cannot yet be disclosed due to the ongoing investigation."
"a staggering $2.8M was withdrawn from their hot wallet on the $ETH chain. The funds were directed to a suspicious address, which subsequently received various digital assets including $ETH, $USDT, $WETH, $DAI, and $USDC.
The suspicious address promptly swapped these assets into $ETH via #DEX, before funneling all funds into the #eXch exchange. After these transactions, the hot wallet ceased its operations, and the company's website is currently undergoing maintenance."
What Happened
| Date | Event | Description |
|---|---|---|
| April 1st, 2024 10:41:11 AM MDT | First Ethereum Transaction | The first of several Ethereum transactions coming from FixedFloat. |
| April 2nd, 2024 2:08:00 AM MDT | Cyvers Suspicious Transaction Alert | The Cyvers team posts a tweet noting suspicious transactions being detected coming from FixedFloat wallets. |
| April 2nd, 2024 5:05:18 AM MDT | Attacker Moving Bitcoin | The attacker moves bitcoin through a wallet. |
| April 2nd, 2024 8:43:00 AM MDT | Tweet Posted | FixedFloat posts a tweet about their service being under attack and an ongoing investigation being underway. |
| April 2nd, 2024 2:30:00 PM MDT | BeInCrypto Article | BeInCrypto shares an article with details about the FixedFloat hack. |
| April 7th, 2024 8:02:00 AM MDT | No Timeline Available | The FixedFloat team reports that no timeline is available for the restoration. |
Total Amount Lost
The total amount lost has been estimated at $2,800,000 USD.
Total Amount Recovered
There do not appear to have been any funds recovered in this case.
Individual Prevention Policies
No specific policies for individual prevention have yet been identified in this case.
For the full list of how to protect your funds as an individual, check our Prevention Policies for Individuals guide.
Platform Prevention Policies
Policies for platforms to take to prevent this situation have not yet been selected in this case.
For the full list of how to protect your funds as a financial service, check our Prevention Policies for Platforms guide.
Regulatory Prevention Policies
No specific regulatory policies have yet been identified in this case.
For the full list of regulatory policies that can prevent loss, check our Prevention Policies for Regulators guide.
References
- CertiK: FixedFloat sent "suspicious" transactions totaling over $3 million in the past 24 hours - PANews (Apr 30, 2024)
- FixedFloat confirms it was attacked again: hackers exploited a vulnerability in its third-party service; company and user funds were not affected - PANews (Apr 30, 2024)
- @FixedFloat Twitter (Apr 30, 2024)
- FixedFloat | Instant cryptocurrency exchange (Apr 30, 2024)
- FixedFloat Reviews: Lightning Cryptocurrency Exchange (Apr 30, 2024)
- Fixedfloat | Change Now | Buy, Sell and Exchange Crypto (Apr 30, 2024)
- Very negative review of fixedfloat.com. Beware of scam! (Apr 30, 2024)
- How to exchange cryptocurrencies on the FixedFloat? | FixedFloat (Apr 30, 2024)
- This Crypto Exchange Was Hacked, Losing $2.80 Million (Apr 30, 2024)
- @CyversAlerts Twitter (Apr 30, 2024)
- Address: bc1qzrvptdr3uq8areasdpegsayq9m0nfd4t6nfx2y (Apr 30, 2024)
- Transaction: 4e1ab3a3b49b46106f7a60800474505721c0c246fd80bb9f8f38850f3d5c624a | Blockchain.com (Apr 30, 2024)
- Transaction: 17aa62dca1ced1f64fdc6a790cfe0a95871ddd72ef76a26d8da9d36da1630078 | Blockchain.com (Apr 30, 2024)
- @gazjones00 Twitter (Apr 30, 2024)
- @Deddy_Lavid Twitter (Apr 30, 2024)
- @PrivacyHasher Twitter (Apr 30, 2024)
- @ADT_R Twitter (Apr 30, 2024)
- FixedFloat exchange hacked again (Apr 30, 2024)
- @FixedFloat Twitter (May 1, 2024)
- About us | FixedFloat (May 1, 2024)
- https://pbs.twimg.com/media/GKJQeiGXQAAp8E3?format=jpg&name=large (May 1, 2024)
- FixedFloat Exchange Targeted by Hackers, $3M Drained in Ethereum, Tron (May 1, 2024)