The Survival Story of FixedFloat

In February, the decentralized cryptocurrency exchange FixedFloat experienced a drainer attack, resulting in the loss of over $26 million worth of Bitcoin (BTC) and Ethereum (ETH). By late March, the exchange suffered a second exploit, leading to an additional loss of $2.8 million.

A few months later, FixedFloat shared the details of these incidents and ongoing investigation with BeInCrypto.

FixedFloat has been hacked twice this year. How did this happen?

The first hack occurred on the night of February 16-17. This was an external attack caused by vulnerabilities in our security structure. A hacker exploited a vulnerability in our security and was able to gain access to some of FixedFloat’s functions. The second breach took place on March 31, where the hacker exploited a vulnerability in a third-party service we were using at the time.

Was the second hack committed by the same hacker who committed the previous hack, or was it a different attacker?

We believe the same hacker committed both hacks because the attacks originated from the same IP address. We cannot provide all the details at the moment. However, we can report that hackers possess a large number of compromised servers.

On some of these servers, they have deployed the infrastructure for attacks. They likely did not store evidence on their own devices, instead using third-party servers. The hackers utilized numerous unique IP addresses; however, some were used to launch both attacks.

Do you have information about who exactly is behind the hacks?

We have been using Time4VPS hosting for a long time. This is a fairly large web hosting provider in Europe, operating since 2012. We chose Time4VPS for our purposes, since this hosting offers fairly cheap servers with low performance. This was a convenient and profitable option for implementing some technical solutions at the initial stage of development of our project.

Over the past years, we have migrated our subservers and wallets. At the beginning of 2024, several low-power nodes with wallets and some subsystems remained on the Time4VPS server. After the first hack, the hacker discovered the IP address of one of our technical servers rented from Time4VPS.

How did the hacker use the information?

The hacker logged into all our servers, rented from Time4VPS hosting, simultaneously, despite knowing only one IP address. We immediately changed all passwords on servers and accounts, but the hacker quickly changed the passwords again. We found a solution to prevent server authorization and started transitioning from this hosting provider.

However, the hacker gained access to all hoster functions, including global access to all servers, rendering our solutions ineffective. The hacker changed the account email to an invalid one, preventing us from logging in or receiving password change notifications. They connected to the servers without authorization.

At this point, we realized the need to destroy the servers and remove them from the whitelists immediately. Our delay in doing so allowed the hacker to send requests that enabled them to steal funds.

Peckshield Report on First Hack. Source: Peckshield

Have you contacted Time4VPS support?

On March 31, immediately after discovering unauthorized access to our servers, we contacted Time4VPS to report the hack. We were extremely surprised by their inaction. Technical support informed us that the technicians had the day off and could not assist us. The following day, the Time4VPS team remained inactive. They merely advised us to change the passwords on our account.

We eventually convinced them to verify that certain actions could not be performed through their personal account. Only then did they confirm the hack and promise to provide a report on the incident the next day.

Have you received a hack report from Time4VPS?

More than three months have passed, and there is still no report from Time4VPS. Instead, they requested that we provide some documents through their system. We refused because Time4VPS representatives have not confirmed that they found and fixed the vulnerability. Their demands have created the risk of another information leak.

We agreed to cooperate only with the direct involvement of law enforcement or after they confirmed the vulnerability had been corrected. Additionally, our lawyer was prepared to provide the necessary documents directly at the company’s office to receive reports and assistance. However, Time4VPS management rejected this offer.

Why do you think Time4VPS was inactive at the time of the hack and did not provide assistance after it?

We do not exclude the possibility that a hoster’s employee could have facilitated the hacking. However, we are more inclined to believe that Time4VPS and the Lithuanian company behind it are simply careless. We believe the hoster’s critical vulnerabilities remain unfixed, leaving all their clients’ data unprotected from hacker attacks.

Did the hack impact your customers?

This incident caused problems not only for us but also for our users. As soon as we detected the hack, we turned off FixedFloat and suspended all ongoing exchanges.

FixedFloat is an automated, non-custodial, centralized cryptocurrency exchange service, so we don’t store our users’ funds. Additionally, FixedFloat is not a cryptocurrency mixer. We send funds to exchanges only from our addresses, and this information is public.

Due to the hack, we had obligations to clients who made exchanges at that time. We have since fulfilled all obligations to our users, and completed all orders that stopped due to the service outage. Only our service suffered from the hacking and theft of funds.

What measures did you take after the hack?

The first breach was due to a security vulnerability, which we have since fixed. Unfortunately, we did not anticipate an attack from third parties. Following the second hack, our service was under maintenance for over two months. During this period, our specialists worked extensively to enhance our infrastructure and protect against such attacks.

We have radically revised our security system. This included conducting a comprehensive audit, implementing additional security measures, and improving our threat detection and prevention systems.

Have you completed the technical work?

Yes, FixedFloat has resumed operations. Most cryptocurrencies are already available for exchange, and our specialists are working on adding new currencies. We have been providing high-quality, convenient, and fast cryptocurrency exchange services for six years, and we intend to continue our work.

From a hack survivor's perspective, can you give a few recommendations to other platforms and their users on how to increase security?

As a service that has experienced two hacks for different reasons, we’d recommend the following:

  • Conduct frequent audits of your security systems. Identify and address all vulnerabilities promptly.
  • Plan for Provider Vulnerabilities. The second hack exploited a vulnerability in our hosting provider, Time4VPS. Platforms should anticipate such scenarios and have a robust procedure for dealing with service provider hacks.
  • Always prioritize user safety. Implement strict security measures and protocols to protect user data and funds.

What steps are you taking to regain the trust of your users following these accidents?

We are actively engaging with our users through various communication channels, including social networks and forums. This allows us to inform them about the changes we have made. Currently, not all users are aware that FixedFloat has resumed operations, but we are working to spread this information.

We understand that many were concerned about the hack’s impact on our users. However, we emphasize that we are a non-custodial service and do not store user funds. Orders that were not fulfilled due to the emergency shutdown have been completed. At present, we have no financial obligations to our users.

Disclaimer

In compliance with the Trust Project guidelines, this opinion article presents the author’s perspective and may not necessarily reflect the views of BeInCrypto. BeInCrypto remains committed to transparent reporting and upholding the highest standards of journalism. Readers are advised to verify information independently and consult with a professional before making decisions based on this content. Please note that our Terms and Conditions, Privacy Policy, and Disclaimers have been updated.



Will the SEC Approve Grayscale’s Solana ETF?

Grayscale has submitted a registration statement with the SEC to convert its Grayscale Solana Trust (GSOL) into an ETF listed on NYSE Arca. 

Despite the filing, prediction markets remain unconvinced about the chances of approval.

Is a Solana ETF Approval Still Unlikely for Q2?

On Polymarket, odds for a Solana ETF approval in the second quarter of 2025 stand at just 23%. Broader expectations for any 2025 approval are at 83%, down from 92% earlier this year.

The decline reflects regulatory delays. In March, the SEC extended review timelines for several ETF applications tied to Solana, XRP, and other altcoins. 

Polymarket Odds on a Solana ETF Approval by July 31. Source: Polymarket

This pattern suggests the agency may be holding off on decisions until a permanent chair takes over. Mark Uyeda, currently serving as interim chair, has not signaled a shift in stance.

Paul Atkins, Trump’s nominee to lead the agency, appeared before the Senate last week. Lawmakers questioned his involvement in crypto-related businesses, adding further uncertainty around future approvals.

Grayscale’s latest filing excludes staking, which could speed up the review process. The SEC has previously objected to staking features in ETF proposals. 

When spot Ethereum ETFs moved forward last year, Grayscale, Fidelity, and Ark Invest/21Shares all removed staking components to align with the SEC’s expectations at the time.

Under Gary Gensler’s leadership, the SEC expressed concern that proof-of-stake protocols could fall under securities law. Asset managers adjusted their applications accordingly to move forward.

Following approvals for spot Bitcoin and Ethereum ETFs, several firms aim to expand their offerings to include other cryptocurrencies. They plan to offer access through traditional brokerage accounts without requiring direct asset custody.

Solana remains a strong contender due to its growing futures market in the US and a more favorable regulatory environment. Analysts view it as one of the next likely approvals if the SEC opens the door to more altcoin ETFs.

Disclaimer

In adherence to the Trust Project guidelines, BeInCrypto is committed to unbiased, transparent reporting. This news article aims to provide accurate, timely information. However, readers are advised to verify facts independently and consult with a professional before making any decisions based on this content. Please note that our Terms and Conditions, Privacy Policy, and Disclaimers have been updated.



XRP Price Vulnerable To Falling Below $2 After 18% Decline

XRP has faced a significant correction in recent weeks, resulting in an 18% decline in the altcoin’s price. As a result, XRP is currently struggling to maintain upward momentum, with investors losing confidence. 

This recent slump has raised concerns about the asset’s future, especially as certain XRP holders begin to sell their positions, increasing bearish pressure.

XRP Investors Are Pulling Back

The recent downturn in XRP’s price has triggered a sharp spike in the “Age Consumed” metric. This indicator tracks the movement of coins from long-term holders (LTHs) and has reached its highest level in over four months. The increase suggests that LTHs, who have been holding XRP for extended periods, are now losing patience. 

This selling behavior may be driven by the lack of price recovery and the overall weak market conditions that have not improved. These holders appear to be attempting to limit their losses by liquidating their positions, which in turn increases the downward pressure on XRP’s price. This mass selling from LTHs further compounds the challenges for XRP, as their decision to sell is often seen as a sign of waning confidence in the cryptocurrency. 

XRP Age Consumed. Source: Santiment

XRP’s market momentum appears to be weakening, as evidenced by the recent decline in the number of new addresses. The metric tracking new addresses has fallen to a five-month low, suggesting that XRP is struggling to attract new investors. This lack of fresh interest signals growing skepticism within the broader market, with potential investors hesitant to buy into an asset that has failed to deliver strong price action.

The drop in new addresses reflects a broader trend of reduced market traction and the lack of conviction from buyers. When combined with the selling pressure from LTHs, it creates a challenging environment for XRP to regain bullish momentum.

XRP New Addresses. Source: Glassnode

XRP Price Needs A Boost

XRP’s price is currently holding at $2.06, just above the key support level of $2.02. If it manages to stabilize and break through the immediate resistance at $2.14, there could be a potential rebound, taking XRP higher.

However, with the continued weakness in market sentiment and the aforementioned bearish cues, XRP remains vulnerable to further declines. If the support of $2.02 fails, the price could drop further to $1.94, extending the 18% decline noted in the last two weeks.

XRP Price Analysis. Source: TradingView

If XRP manages to reclaim the $2.14 level and holds above it, the price could make its way toward $2.27. Breaching this level would invalidate the bearish outlook, signaling a potential recovery and restoring investor confidence in the cryptocurrency.

Disclaimer

In line with the Trust Project guidelines, this price analysis article is for informational purposes only and should not be considered financial or investment advice. BeInCrypto is committed to accurate, unbiased reporting, but market conditions are subject to change without notice. Always conduct your own research and consult with a professional before making any financial decisions. Please note that our Terms and Conditions, Privacy Policy, and Disclaimers have been updated.



HBAR Futures Traders Lead the Charge as Buying Pressure Grows

Hedera Foundation’s recent move to partner with Zoopto for a late-stage bid to acquire TikTok has sparked renewed investor interest in HBAR, driving a fresh wave of demand for the altcoin.

Market participants have grown increasingly bullish, with a notable uptick in long positions signaling growing confidence in HBAR’s future price performance.

HBAR’s Futures Market Sees Bullish Spike

HBAR’s long/short ratio currently sits at a monthly high of 1.08. Over the past 24 hours, its value has climbed by 17%, reflecting the surge in demand for long positions among derivatives traders. 

HBAR Long/Short Ratio. Source: Coinglass

An asset’s long/short ratio compares the proportion of its long positions (bets on price increases) to short ones (bets on price declines) in the market. 

When the long/short ratio is above one like this, more traders are holding long positions than short ones, indicating bullish market sentiment. This suggests that HBAR investors expect the asset’s price to rise, a trend that could drive buying activity and cause HBAR’s price to extend its rally. 

Further, the token’s Balance of Power (BoP) confirms this bullish outlook. At press time, this bullish indicator, which measures buying and selling pressure, is above zero at 0.25. 

HBAR BoP. Source: TradingView

When an asset’s BoP is above zero, buying pressure is stronger than selling pressure, suggesting bullish momentum. This means HBAR buyers dominate price action, and are pushing its value higher. 

HBAR Buyers Push Back After Hitting Multi-Month Low

During Thursday’s trading session, HBAR traded briefly at a four-month low of $0.153. However, with strengthening buying pressure, the altcoin appears to be correcting this downward trend. 

If HBAR buyers consolidate their control, the token could flip the resistance at $0.169 into a support floor and climb toward $0.247.

HBAR Price Analysis. Source: TradingView

However, a resurgence in profit-taking activity will invalidate this bullish projection. HBAR could resume its decline and fall to $0.129 in that scenario.

Disclaimer

In line with the Trust Project guidelines, this price analysis article is for informational purposes only and should not be considered financial or investment advice. BeInCrypto is committed to accurate, unbiased reporting, but market conditions are subject to change without notice. Always conduct your own research and consult with a professional before making any financial decisions. Please note that our Terms and Conditions, Privacy Policy, and Disclaimers have been updated.



Copyright © 2024 coin2049.io