Market

The Survival Story of FixedFloat

Published

3 months ago

July 4, 2024

admin

In February, the decentralized cryptocurrency exchange FixedFloat experienced a drainer attack, resulting in the loss of over $26 million worth of Bitcoin (BTC) and Ethereum (ETH). By late March, the exchange suffered a second exploit, leading to an additional loss of $2.8 million.

A few months later, FixedFloat shared the details of these incidents and ongoing investigation with BeInCrypto.

FixedFloat has been hacked twice this year. How did this happen?

The first hack occurred on the night of February 16-17. This was an external attack caused by vulnerabilities in our security structure. A hacker exploited a vulnerability in our security and was able to gain access to some of FixedFloat’s functions. The second breach took place on March 31, where the hacker exploited a vulnerability in a third-party service we were using at the time.

Was the second hack committed by the same hacker who committed the previous hack, or was it a different attacker?

We believe the same hacker committed both hacks because the attacks originated from the same IP address. We cannot provide all the details at the moment. However, we can report that hackers possess a large number of compromised servers.

On some of these servers, they have deployed the infrastructure for attacks. They likely did not store evidence on their own devices, instead using third-party servers. The hackers utilized numerous unique IP addresses; however, some were used to launch both attacks.

Do you have information about who exactly is behind the hacks?

We have been using Time4VPS hosting for a long time. This is a fairly large web hosting provider in Europe, operating since 2012. We chose Time4VPS for our purposes, since this hosting offers fairly cheap servers with low performance. This was a convenient and profitable option for implementing some technical solutions at the initial stage of development of our project.

Over the past years, we have migrated our subservers and wallets. At the beginning of 2024, several low-power nodes with wallets and some subsystems remained on the Time4VPS server. After the first hack, the hacker discovered the IP address of one of our technical servers rented from Time4VPS.

How did the hacker use the information?

The hacker logged into all our servers, rented from Time4VPS hosting, simultaneously, despite knowing only one IP address. We immediately changed all passwords on servers and accounts, but the hacker quickly changed the passwords again. We found a solution to prevent server authorization and started transitioning from this hosting provider.

However, the hacker gained access to all hoster functions, including global access to all servers, rendering our solutions ineffective. The hacker changed the account email to an invalid one, preventing us from logging in or receiving password change notifications. They connected to the servers without authorization.

At this point, we realized the need to destroy the servers and remove them from the whitelists immediately. Our delay in doing so allowed the hacker to send requests that enabled them to steal funds.

Peckshield report — Peckshield Report on First Hack. Source: Peckshield

Have you contacted Time4VPS support?

On March 31, immediately after discovering unauthorized access to our servers, we contacted Time4VPS to report the hack. We were extremely surprised by their inaction. Technical support informed us that the technicians had the day off and could not assist us. The following day, the Time4VPS team remained inactive. They merely advised us to change the passwords on our account.

We eventually convinced them to verify that certain actions could not be performed through their personal account. Only then did they confirm the hack and promise to provide a report on the incident the next day.

Have you received a hack report from Time4VPS?

More than three months have passed, and there is still no report from Time4VPS. Instead, they requested that we provide some documents through their system. We refused because Time4VPS representatives have not confirmed that they found and fixed the vulnerability. Their demands have created the risk of another information leak.

We agreed to cooperate only with the direct involvement of law enforcement or after they confirmed the vulnerability had been corrected. Additionally, our lawyer was prepared to provide the necessary documents directly at the company’s office to receive reports and assistance. However, Time4VPS management rejected this offer.

Why do you think Time4VPS was inactive at the time of the hack and did not provide assistance after it?

We do not exclude the possibility that a hoster’s employee could have facilitated the hacking. However, we are more inclined to believe that Time4VPS and the Lithuanian company behind it are simply careless. We believe the hoster’s critical vulnerabilities remain unfixed, leaving all their clients’ data unprotected from hacker attacks.

Did the hack impact your customers?

This incident caused problems not only for us but also for our users. As soon as we detected the hack, we turned off FixedFloat and suspended all ongoing exchanges.

FixedFloat is an automated, non-custodial, centralized cryptocurrency exchange service, so we don’t store our users’ funds. Additionally, FixedFloat is not a cryptocurrency mixer. We send funds to exchanges only from our addresses, and this information is public.

Due to the hack, we had obligations to clients who made exchanges at that time. We have since fulfilled all obligations to our users, and completed all orders that stopped due to the service outage. Only our service suffered from the hacking and theft of funds.

What measures did you take after the hack?

The first breach was due to a security vulnerability, which we have since fixed. Unfortunately, we did not anticipate an attack from third parties. Following the second hack, our service was under maintenance for over two months. During this period, our specialists worked extensively to enhance our infrastructure and protect against such attacks.

We have radically revised our security system. This included conducting a comprehensive audit, implementing additional security measures, and improving our threat detection and prevention systems.

Have you completed the technical work?

Yes, FixedFloat has resumed operations. Most cryptocurrencies are already available for exchange, and our specialists are working on adding new currencies. We have been providing high-quality, convenient, and fast cryptocurrency exchange services for six years, and we intend to continue our work.

From a hack survivor perspective, can you give a few recommendations to other platforms and its users on how to increase security?

As a service that has experienced two hacks for different reasons, we’d recommend the following:

Conduct frequent audits of your security systems. Identify and address all vulnerabilities promptly.
Plan for Provider Vulnerabilities. The second hack exploited a vulnerability in our hosting provider, Time4VPS. Platforms should anticipate such scenarios and have a robust procedure for dealing with service provider hacks.
Always prioritize user safety. Implement strict security measures and protocols to protect user data and funds.

What steps are you taking to regain the trust of your users following these accidents?

We are actively engaging with our users through various communication channels, including social networks and forums. This allows us to inform them about the changes we have made. Currently, not all users are aware that FixedFloat has resumed operations, but we are working to spread this information.

We understand that many were concerned about the hack’s impact on our users. However, we emphasize that we are a non-custodial service and do not store user funds. Orders that were not fulfilled due to the emergency shutdown have been completed. At present, we have no financial obligations to our users.

Disclaimer

In compliance with the Trust Project guidelines, this opinion article presents the author’s perspective and may not necessarily reflect the views of BeInCrypto. BeInCrypto remains committed to transparent reporting and upholding the highest standards of journalism. Readers are advised to verify information independently and consult with a professional before making decisions based on this content. Please note that our Terms and Conditions, Privacy Policy, and Disclaimers have been updated.

Source link

Related Topics:FixedFloat Story Survival

Up Next

Top Crypto Leaders to Speak at Blockchain Rio 2024

Don't Miss

Solana ETF Predictions High, Yet SOL Price Sees Downturn

Click to comment

Market

Who Could Drive Bitcoin’s Price to $70,000?

Published

26 mins ago

October 5, 2024

admin

Bitcoin’s (BTC) price recently experienced a 7.8% decline, dropping to $60,000. However, as the king of cryptocurrencies recovers from this drawdown, support from a significant group of investors could push the price higher.

Institutional investors, in particular, are playing a key role in driving Bitcoin’s upward momentum, and their influence might propel BTC toward the $70,000 mark.

Bitcoin Notes Solid Demand

Institutional investors are crucial to Bitcoin’s potential recovery and future growth. According to data from Glassnode, Bitcoin exchange-traded funds (ETFs) now hold over $58 billion worth of BTC. This volume accounts for approximately 4.6% of Bitcoin’s circulating supply, indicating strong demand for regulated exposure to the cryptocurrency.

The institutional demand suggests that large-scale investors view Bitcoin as a viable and valuable asset. As these investors continue to accumulate BTC through ETFs and other regulated means, they contribute to the coin’s long-term growth and stability. Their influence could be key in pushing Bitcoin’s price toward $70,000, especially if demand remains consistent.

Bitcoin US Spot ETF Balance. Source: Glassnode

Bitcoin’s overall macro momentum also appears favorable for a potential price rise. The net realized profit/loss indicator, which tracks investor sentiment and behavior, recently noted a downtick, signaling that profit booking is slowing down. This shift suggests that selling pressure is decreasing, giving Bitcoin the necessary breathing room for a comeback.

As selling sentiment wanes, Bitcoin’s price could benefit from a more balanced market. This reduction in profit-taking allows for a more stable price environment, increasing the chances of a sustained recovery. With institutional demand remaining strong and selling pressure subsiding, Bitcoin could be on track for a price surge.

Bitcoin Net Realized Profit/Loss. Source: Glassnode

BTC Price Prediction: Rallying Hopes

Bitcoin is currently trading at $62,353, just above the crucial support level of $61,868. While this is a positive sign, BTC still faces a significant barrier at $65,292 before it can aim for $70,000. Breaking this resistance is essential for the next leg up in Bitcoin’s price movement.

The factors mentioned above suggest that a price rise is possible, but it will require steady growth supported by continued institutional demand. If institutional investors maintain their interest in BTC, Bitcoin could breach the $65,292 barrier and move closer to $70,000.

Bitcoin Price Analysis. Source: TradingView

However, if institutional demand weakens or large investors pull back, Bitcoin may struggle to break past $65,292. In such a scenario, BTC could test its support level at $61,868, potentially invalidating the bullish outlook and delaying further gains.

Disclaimer

In line with the Trust Project guidelines, this price analysis article is for informational purposes only and should not be considered financial or investment advice. BeInCrypto is committed to accurate, unbiased reporting, but market conditions are subject to change without notice. Always conduct your own research and consult with a professional before making any financial decisions. Please note that our Terms and Conditions, Privacy Policy, and Disclaimers have been updated.

Source link

Market

This Is How XRP Price Can Recover Its 18% Crash

Published

1 hour ago

October 5, 2024

admin

XRP price has seen a significant downturn in its price recently, dropping from $0.64 to $0.52, marking an 18% crash. However, the altcoin is now focusing on recovering this loss, with a key group of long-term investors potentially playing a vital role in driving this recovery.

XRP’s future movement will depend heavily on its ability to leverage these supportive forces and breakthrough crucial resistance levels.

XRP Investors Have a Huge Responsibility

The Market Value to Realized Value (MVRV) Long/Short Difference indicator currently offers insight into XRP’s investor sentiment. Typically, negative values suggest short-term investors are making profits, which is often a bearish signal.

However, XRP’s situation appears more favorable, as the indicator remains positive. This positivity suggests that long-term holders are in profit, reinforcing the asset’s stability.

These long-term investors, often considered the backbone of any cryptocurrency, are critical to XRP’s recovery. Their confidence and continued support will be essential in helping the altcoin regain lost ground. This stable base of holders suggests that XRP could have the backing needed to reverse its recent crash.

XRP MVRV Long/Short Difference. Source: Santiment

In addition to market sentiment, technical indicators are also showing signs of a potential increase. XRP’s Relative Strength Index (RSI) has shown a slight uptick over the last 48 hours, signaling that bearish momentum is weakening. This is a crucial development, as diminishing bearish pressure may pave the way for bullish momentum to build.

The RSI’s movement is particularly important for XRP because it indicates the market is gradually shifting from a bearish stance. If this momentum sustains, it could help trigger a price rebound, allowing XRP to begin recovering from its recent losses.

XRP Price Prediction: Resistances in Sight

XRP is currently trading at $0.53, following its 18% decline. The altcoin has bounced off the support at the 38.2% Fibonacci Retracement line, which coincides with the $0.52 level. This support level is crucial for maintaining upward momentum, and XRP could continue its increase from here.

The next key target for XRP is the $0.55 mark, which aligns with the 50% Fibonacci Retracement line. Breaching this level would open the door for a rise toward $0.59.

However, if XRP fails to break past $0.55, the bullish outlook will be invalidated. This could lead to a period of consolidation between $0.55 and $0.52, delaying any significant recovery in the near term.

Disclaimer

Source link

Market

POPCAT Price Hits New ATH as Solana Meme Coin Rallies 120%

Published

2 hours ago

October 5, 2024

admin

POPCAT, a Solana meme coin, has reached a new all-time high (ATH) following a significant rally. The coin surged by 109% over the past month, crossing the crucial $1.00 resistance barrier and reaching $1.29.

This marked a pivotal moment for POPCAT, driven by strong market sentiment and unique factors that set it apart from other altcoins.

POPCAT Is a Unique Case

One of the key factors behind POPCAT’s recent rally is its lack of correlation with Bitcoin (BTC). Unlike many other altcoins that tend to move in sync with BTC’s price fluctuations, POPCAT has historically performed better when its correlation with Bitcoin drops. Currently, the correlation between POPCAT and BTC has fallen to 0.33, indicating a weaker relationship.

This lower correlation has proven beneficial for POPCAT, as the broader cryptocurrency market has been facing challenges. The meme coin’s ability to move independently of Bitcoin has allowed it to capitalize on favorable market conditions, leading to the recent price surge.

POPCAT Correlation with Bitcoin. Source: TradingView

From a technical perspective, POPCAT’s macro momentum remains strong. The Relative Strength Index (RSI), a key indicator for assessing overbought or oversold conditions, is currently in the former zone. Despite this, the RSI is still rising, signaling that buying pressure remains strong for POPCAT.

However, it’s worth noting that meme coins like POPCAT often experience sudden price corrections, especially when investors decide to take profits. Although POPCAT holders have not yet shown signs of selling, the risk of a potential pullback looms, given the RSI’s position in the overbought zone.

POPCAT Price Prediction: Beating the Odds

POPCAT’s price saw a 31% rise over the past 24 hours, propelling the Solana-based meme coin to $1.29, its new ATH. This impressive increase is part of a larger 109% rally over the past month, driven by strong market sentiment and favorable technical indicators.

Breaking through the $1.00 barrier was a significant milestone for POPCAT, as this level had previously served as a tough resistance. The broader market conditions supported this breach, enabling the meme coin to soar to new heights.

POPCAT Price Analysis. Source: TradingView

However, a sharp price correction could occur if investors move to take profits. A drop to the $1.00 support level is possible, and losing this key level could push POPCAT down to $0.75, invalidating the potential for further upward momentum. Investors should remain cautious as the coin continues to navigate its volatile price action.

Disclaimer

Source link