In February, the decentralized cryptocurrency exchange FixedFloat experienced a drainer attack, resulting in the loss of over $26 million worth of Bitcoin (BTC) and Ethereum (ETH). By late March, the exchange suffered a second exploit, leading to an additional loss of $2.8 million.

A few months later, FixedFloat shared the details of these incidents and ongoing investigation with BeInCrypto.

FixedFloat has been hacked twice this year. How did this happen?

The first hack occurred on the night of February 16-17. This was an external attack caused by vulnerabilities in our security structure. A hacker exploited a vulnerability in our security and was able to gain access to some of FixedFloat’s functions. The second breach took place on March 31, where the hacker exploited a vulnerability in a third-party service we were using at the time.

Was the second hack committed by the same hacker who committed the previous hack, or was it a different attacker?

We believe the same hacker committed both hacks because the attacks originated from the same IP address. We cannot provide all the details at the moment. However, we can report that hackers possess a large number of compromised servers.

On some of these servers, they have deployed the infrastructure for attacks. They likely did not store evidence on their own devices, instead using third-party servers. The hackers utilized numerous unique IP addresses; however, some were used to launch both attacks.

Do you have information about who exactly is behind the hacks?

We have been using Time4VPS hosting for a long time. This is a fairly large web hosting provider in Europe, operating since 2012. We chose Time4VPS for our purposes, since this hosting offers fairly cheap servers with low performance. This was a convenient and profitable option for implementing some technical solutions at the initial stage of development of our project.

Over the past years, we have migrated our subservers and wallets. At the beginning of 2024, several low-power nodes with wallets and some subsystems remained on the Time4VPS server. After the first hack, the hacker discovered the IP address of one of our technical servers rented from Time4VPS.

How did the hacker use the information?

The hacker logged into all our servers, rented from Time4VPS hosting, simultaneously, despite knowing only one IP address. We immediately changed all passwords on servers and accounts, but the hacker quickly changed the passwords again. We found a solution to prevent server authorization and started transitioning from this hosting provider.

However, the hacker gained access to all hoster functions, including global access to all servers, rendering our solutions ineffective. The hacker changed the account email to an invalid one, preventing us from logging in or receiving password change notifications. They connected to the servers without authorization.

At this point, we realized the need to destroy the servers and remove them from the whitelists immediately. Our delay in doing so allowed the hacker to send requests that enabled them to steal funds.

Have you contacted Time4VPS support?

On March 31, immediately after discovering unauthorized access to our servers, we contacted Time4VPS to report the hack. We were extremely surprised by their inaction. Technical support informed us that the technicians had the day off and could not assist us. The following day, the Time4VPS team remained inactive. They merely advised us to change the passwords on our account.

We eventually convinced them to verify that certain actions could not be performed through their personal account. Only then did they confirm the hack and promise to provide a report on the incident the next day.

Have you received a hack report from Time4VPS?

More than three months have passed, and there is still no report from Time4VPS. Instead, they requested that we provide some documents through their system. We refused because Time4VPS representatives have not confirmed that they found and fixed the vulnerability. Their demands have created the risk of another information leak.

We agreed to cooperate only with the direct involvement of law enforcement or after they confirmed the vulnerability had been corrected. Additionally, our lawyer was prepared to provide the necessary documents directly at the company’s office to receive reports and assistance. However, Time4VPS management rejected this offer.

Why do you think Time4VPS was inactive at the time of the hack and did not provide assistance after it?

We do not exclude the possibility that a hoster’s employee could have facilitated the hacking. However, we are more inclined to believe that Time4VPS and the Lithuanian company behind it are simply careless. We believe the hoster’s critical vulnerabilities remain unfixed, leaving all their clients’ data unprotected from hacker attacks.

Did the hack impact your customers?

This incident caused problems not only for us but also for our users. As soon as we detected the hack, we turned off FixedFloat and suspended all ongoing exchanges.

FixedFloat is an automated, non-custodial, centralized cryptocurrency exchange service, so we don’t store our users’ funds. Additionally, FixedFloat is not a cryptocurrency mixer. We send funds to exchanges only from our addresses, and this information is public.

Due to the hack, we had obligations to clients who made exchanges at that time. We have since fulfilled all obligations to our users, and completed all orders that stopped due to the service outage. Only our service suffered from the hacking and theft of funds.

What measures did you take after the hack?

The first breach was due to a security vulnerability, which we have since fixed. Unfortunately, we did not anticipate an attack from third parties. Following the second hack, our service was under maintenance for over two months. During this period, our specialists worked extensively to enhance our infrastructure and protect against such attacks.

We have radically revised our security system. This included conducting a comprehensive audit, implementing additional security measures, and improving our threat detection and prevention systems.

Have you completed the technical work?

Yes, FixedFloat has resumed operations. Most cryptocurrencies are already available for exchange, and our specialists are working on adding new currencies. We have been providing high-quality, convenient, and fast cryptocurrency exchange services for six years, and we intend to continue our work.

From a hack survivor perspective, can you give a few recommendations to other platforms and its users on how to increase security?

As a service that has experienced two hacks for different reasons, we’d recommend the following:

• Conduct frequent audits of your security systems. Identify and address all vulnerabilities promptly.
• Plan for Provider Vulnerabilities. The second hack exploited a vulnerability in our hosting provider, Time4VPS. Platforms should anticipate such scenarios and have a robust procedure for dealing with service provider hacks.
• Always prioritize user safety. Implement strict security measures and protocols to protect user data and funds.

What steps are you taking to regain the trust of your users following these accidents?

We are actively engaging with our users through various communication channels, including social networks and forums. This allows us to inform them about the changes we have made. Currently, not all users are aware that FixedFloat has resumed operations, but we are working to spread this information.

We understand that many were concerned about the hack’s impact on our users. However, we emphasize that we are a non-custodial service and do not store user funds. Orders that were not fulfilled due to the emergency shutdown have been completed. At present, we have no financial obligations to our users.

A few days ago, the buzz around a Solana (SOL) ETF application filed by VanEck caused the price to increase by 10% within a short period. Later on, investment firm 21Shares joined the race, but the token could not hold on to the initial hike.

However, some analysts stuck to their bullish predictions. But Solana’s short-term outlook may not bring out those forecasts.

Bullish Momentum Folds

At press time, SOL remains range-bound between $132 and $143. In the last 24 hours, the price has decreased by 7.46% due to widespread sell-offs in the market. 

According to the daily chart, the Relative Strength Index (RSI) stands at 40.57. The RSI measures momentum using the extent of price changes and indicates whether an asset is overbought or oversold.

When the value drops below the 50.00 neutral region, momentum is bearish. A rise above the midpoint indicates bullish momentum. Therefore, SOL is in a bearish phase. If unchecked, the momentum may weaken, leading to a lower price. 

Read More: Solana vs. Ethereum: An Ultimate Comparison

However, on June 28, crypto trading firm GSR shared its prediction for the token if the Solana ETF gets approved.

In analyzing the potential, GSR considered the bear, baseline, and bullish phases. It also added that a spot Solana ETF could record 2%, 5%, and 14% of Bitcoin inflows for each phase above.

Based on this prediction, the price of SOL may reach $1,192 in the long term. Previously, BeInCrypto reported that the development led to increased buying pressure on the spot market.

SOL Price Prediction: Token Stuck in Wait-and-See Mode

As of this writing, the Cumulative Volume Delta (CVD) shows otherwise. The CVD shows the difference between buying and selling volume in the market.

If the net difference is positive, it indicates more buying than selling. However, a net negative suggests market participants sell more than they accumulate.

According to Solana’s daily chart, the CVD is -127.945, indicating that more than 127,000 tokens have been sold compared to those that have been bought.

Furthermore, on the same chart, we observed that SOL formed a rounding top combined with an inverted cup and handle. This rounding top pattern appears when the price has hit a high point and is now pronounced toward the downtrend.

The inverted cup and handle signal a bearish continuation. Based on the formation of this pattern, the price of SOL may face a 4.65% decline, which would take it to $126.94.

Read More: Solana (SOL) Price Prediction 2024/2025/2030

However, this prediction will be invalidated if buying pressure increases or if the token gets oversold. Should this be the case, SOL may reverse and attempt to revisit $145.25.

Meanwhile, a recent paper published by Galaxy Research mentioned that the U.S. SEC may not approve the Solana ETFs. 

Authored by Alex Thorn, Charles Yu, and Christine Kim, the digital assets research institution mentioned the absence of a futures Solana ETF and past labeling of the token as security as hindrances. 

A recent post from Telegram CEO Pavel Durov has sparked speculation among the crypto community regarding his interest in the tap-to-earn game Hamster Kombat.

The post has led to a wave of comments and theories about the implications of his statement, potentially signaling an unexpected collaboration between the two.

Has Hamster Kombat Become the New Telegram CEO Interest?

Recently, Durov shared a video about the messaging app’s new updates on his official Telegram channel. He highlighted a shift in how people interact with mini-apps.

“Now people can collapse apps and switch between them. In the future, this new bottom bar will also store web pages and other content for later reading. This update also introduces the ability for channel owners to publish paid photos and videos, which users can buy with Stars. Like mini app developers, channel owners can convert the Stars they collect into Toncoin, with virtually no commission from Telegram,” Durov noted via his Telegram account.

Read more: Tap-to-Earn: What to Know About the Crypto GameFi Trend

Durov’s video strikingly features the Hamster Kombat, which draws community attention. The Hamster Kombat team also commented on this post.

“Looks like Pavel Durov was busy with new updates and just started playing Hamster Kombat! Pavel, please, keep in mind that upgrading your cards and increasing profit per hour is more important than the coin balance! And welcome to the Hamster Family, [sic],” the team wrote.

Hamster Kombat allows players to manage a virtual crypto exchange by tapping on digital hamsters to earn coins. Players tap in-game “hamsters” to mine HMSTR coins.

They can also boost earnings by winning coins via the Daily Combo, subscribing to the game’s YouTube channel, or inviting friends. Special missions and daily check-ins offer extra coins, and players can upgrade their exchanges to increase their earning rate.

BeInCrypto recently reported that Hamster Kombat has surpassed 200 million users globally. The project also launched its Hamster Academy in 17 different languages. The community eagerly awaits the long-promised airdrop.

Durov also has a history of showing interest in tap-to-earn games, thus further fueling the community’s speculation. In May, he publicly expressed his support for Notcoin (NOT), the pioneer tap-to-earn game on Telegram, illustrating how Notcoin quickly transformed from an in-game currency to real money for its users.

Read more: What is Notcoin (NOT)? A Guide to the Telegram-Based GameFi Token

In the same month, Durov and his team received over 1 billion NOT tokens, valued at roughly $6.8 million at the time. He pledged to keep the tokens until their value increased 100 times.