A cryptocurrency exchange with a 24-hour trading volume of nearly $52 million has been hacked. UK-based EXMO revealed that cryptocurrency assets, including Bitcoin, Ripple, Ethereum, and others, were stolen from its hot wallets. Collectively, around 5% of EXMO’s total assets were withdrawn.
EXMO has explained that the incident is still being investigated but it has identified the wallet addresses where the stolen funds were deposited. The crypto exchange has reported the theft to the relevant authorities and asked other crypto services to block all accounts connected to the attack. In addition, EXMO has reiterated that all losses related to this incident will be refunded.
While EXMO carries out a thorough security review, the exchange asks users not to deposit additional funds. Withdrawals are also suspended for the time being.
Hot wallets refer to places where cryptocurrencies are stored but unlike cold wallets, they are connected to the internet. While this does make it easier to facilitate transactions, hot wallets come with added security risks compared to cold wallets – a fact that gains added significance in light of incidents like the one befalling EXMO.
“A best practice is not to store and hold large amounts of funds in hot wallets on exchanges but rather transfer to either a cold hardware wallet (that has appropriate recovery codes set and stored securely) or to a standard bank account as the case may be on completion of the exchange transaction,” Brad Mackenzie, CEO of IT security firm Clear Skies, explained. “This seeks to reduce personal exposure and loss in case of an exchange compromise.”
The EXMO hack represents an early challenge for the firm to overcome. It only received temporary registration status with the UK Financial Conduct Authority earlier this month.