
The Survival Story of FixedFloat


In February, the decentralized cryptocurrency exchange FixedFloat experienced a drainer attack, resulting in the loss of over $26 million worth of Bitcoin (BTC) and Ethereum (ETH). By late March, the exchange suffered a second exploit, leading to an additional loss of $2.8 million.

A few months later, FixedFloat shared the details of these incidents and ongoing investigation with BeInCrypto.

FixedFloat has been hacked twice this year. How did this happen?

The first hack occurred on the night of February 16-17. This was an external attack caused by vulnerabilities in our security structure. A hacker exploited a vulnerability in our security and was able to gain access to some of FixedFloat’s functions. The second breach took place on March 31, where the hacker exploited a vulnerability in a third-party service we were using at the time.

Was the second hack committed by the same hacker who committed the previous hack, or was it a different attacker?

We believe the same hacker committed both hacks because the attacks originated from the same IP address. We cannot provide all the details at the moment. However, we can report that hackers possess a large number of compromised servers.

On some of these servers, they have deployed the infrastructure for attacks. They likely did not store evidence on their own devices, instead using third-party servers. The hackers utilized numerous unique IP addresses; however, some were used to launch both attacks.

Do you have information about who exactly is behind the hacks?

We have been using Time4VPS hosting for a long time. This is a fairly large web hosting provider in Europe, operating since 2012. We chose Time4VPS for our purposes, since this hosting offers fairly cheap servers with low performance. This was a convenient and profitable option for implementing some technical solutions at the initial stage of development of our project.

Over the past years, we have migrated our subservers and wallets. At the beginning of 2024, several low-power nodes with wallets and some subsystems remained on the Time4VPS server. After the first hack, the hacker discovered the IP address of one of our technical servers rented from Time4VPS.

How did the hacker use the information?

The hacker logged into all our servers, rented from Time4VPS hosting, simultaneously, despite knowing only one IP address. We immediately changed all passwords on servers and accounts, but the hacker quickly changed the passwords again. We found a solution to prevent server authorization and started transitioning from this hosting provider.

However, the hacker gained access to all hoster functions, including global access to all servers, rendering our solutions ineffective. The hacker changed the account email to an invalid one, preventing us from logging in or receiving password change notifications. They connected to the servers without authorization.

At this point, we realized the need to destroy the servers and remove them from the whitelists immediately. Our delay in doing so allowed the hacker to send requests that enabled them to steal funds.

Peckshield Report on First Hack. Source: Peckshield

Have you contacted Time4VPS support?

On March 31, immediately after discovering unauthorized access to our servers, we contacted Time4VPS to report the hack. We were extremely surprised by their inaction. Technical support informed us that the technicians had the day off and could not assist us. The following day, the Time4VPS team remained inactive. They merely advised us to change the passwords on our account.

We eventually convinced them to verify that certain actions could not be performed through their personal account. Only then did they confirm the hack and promise to provide a report on the incident the next day.

Have you received a hack report from Time4VPS?

More than three months have passed, and there is still no report from Time4VPS. Instead, they requested that we provide some documents through their system. We refused because Time4VPS representatives have not confirmed that they found and fixed the vulnerability. Their demands have created the risk of another information leak.

We agreed to cooperate only with the direct involvement of law enforcement or after they confirmed the vulnerability had been corrected. Additionally, our lawyer was prepared to provide the necessary documents directly at the company’s office to receive reports and assistance. However, Time4VPS management rejected this offer.

Why do you think Time4VPS was inactive at the time of the hack and did not provide assistance after it?

We do not exclude the possibility that a hoster’s employee could have facilitated the hacking. However, we are more inclined to believe that Time4VPS and the Lithuanian company behind it are simply careless. We believe the hoster’s critical vulnerabilities remain unfixed, leaving all their clients’ data unprotected from hacker attacks.

Did the hack impact your customers?

This incident caused problems not only for us but also for our users. As soon as we detected the hack, we turned off FixedFloat and suspended all ongoing exchanges.

FixedFloat is an automated, non-custodial, centralized cryptocurrency exchange service, so we don’t store our users’ funds. Additionally, FixedFloat is not a cryptocurrency mixer. We send funds to exchanges only from our addresses, and this information is public.

Due to the hack, we had obligations to clients who made exchanges at that time. We have since fulfilled all obligations to our users, and completed all orders that stopped due to the service outage. Only our service suffered from the hacking and theft of funds.

What measures did you take after the hack?

The first breach was due to a security vulnerability, which we have since fixed. Unfortunately, we did not anticipate an attack from third parties. Following the second hack, our service was under maintenance for over two months. During this period, our specialists worked extensively to enhance our infrastructure and protect against such attacks.

We have radically revised our security system. This included conducting a comprehensive audit, implementing additional security measures, and improving our threat detection and prevention systems.

Have you completed the technical work?

Yes, FixedFloat has resumed operations. Most cryptocurrencies are already available for exchange, and our specialists are working on adding new currencies. We have been providing high-quality, convenient, and fast cryptocurrency exchange services for six years, and we intend to continue our work.

From a hack survivor's perspective, can you give a few recommendations to other platforms and their users on how to increase security?

As a service that has experienced two hacks for different reasons, we’d recommend the following:

  • Conduct frequent audits of your security systems. Identify and address all vulnerabilities promptly.
  • Plan for Provider Vulnerabilities. The second hack exploited a vulnerability in our hosting provider, Time4VPS. Platforms should anticipate such scenarios and have a robust procedure for dealing with service provider hacks.
  • Always prioritize user safety. Implement strict security measures and protocols to protect user data and funds.

What steps are you taking to regain the trust of your users following these accidents?

We are actively engaging with our users through various communication channels, including social networks and forums. This allows us to inform them about the changes we have made. Currently, not all users are aware that FixedFloat has resumed operations, but we are working to spread this information.

We understand that many were concerned about the hack’s impact on our users. However, we emphasize that we are a non-custodial service and do not store user funds. Orders that were not fulfilled due to the emergency shutdown have been completed. At present, we have no financial obligations to our users.

Disclaimer

In compliance with the Trust Project guidelines, this opinion article presents the author’s perspective and may not necessarily reflect the views of BeInCrypto. BeInCrypto remains committed to transparent reporting and upholding the highest standards of journalism. Readers are advised to verify information independently and consult with a professional before making decisions based on this content. Please note that our Terms and Conditions, Privacy Policy, and Disclaimers have been updated.




This Is Why XRP Price Rallied By 25% and Could Soon Hit $2


Ripple’s (XRP) price rallied by 25% in the last 24 hours following Gary Gensler’s announcement that he would resign as the US Securities and Exchange Commission (SEC) chair on January 20, 2025.

This development comes as a relief to the popular “XRP Army,” which has had to deal with suppressed price action due to the Gensler-led SEC’s nonstop petitions against Ripple. But that is not all that happened. 

Ripple Bears Face Notable Liquidation Following Gensler’s Notification

Gensler’s announcement appears to be a positive development for the broader crypto market. But XRP holders seemed to benefit the most. This was particularly significant given the unresolved Ripple-SEC legal issues that have persisted throughout the SEC Chair’s tenure.

As a result, it came as no surprise that XRP price rallied and outpaced those of any other cryptocurrency in the top 10. Furthermore, the development triggered liquidations totaling $26.11 million over the last 24 hours.

Liquidation occurs when a trader fails to meet the margin requirements for a leveraged position. This forces the exchange to sell off their assets to prevent further losses. In XRP’s case, the liquidation primarily resulted in a short squeeze.

Crypto Market 24-Hour Liquidations. Source: Coinglass

A short squeeze happens when a large number of short positions (traders betting on price declines) are forced to close, driving the price higher as they rush back to buy back the asset.

At press time, XRP trades at $1.40 and currently has a market cap of $80.64 billion. With Gensler almost gone, crypto lawyer John Deaton noted that XRP price gains could be higher, and the market cap could climb to $100 billion.

“XRP soon will achieve a $100B market cap. Times are changing,” Deaton wrote on X.

Meanwhile, CryptoQuant data shows that the total number of XRP sent into exchange has significantly decreased. Typically, high values indicate increased selling pressure in the spot market. This is because it suggests that more assets are being offloaded, potentially driving prices lower.

However, since it is low, XRP holders are refraining from selling. If this remains the case, the token’s value could rise higher than $1.40.

XRP Exchange Inflow. Source: CryptoQuant

XRP Price Prediction: $2 Coming?

According to the 4-hour chart, XRP has been trading within a range of $1.04 to $1.17 since November 18. This sideways movement has resulted in the formation of a bull flag — a bullish chart pattern that signals potential upward momentum.

The bull flag begins with a sharp price surge, forming the flagpole, driven by significant buying pressure that outpaces sellers. This is followed by a consolidation phase, where the price retraces slightly and moves within parallel trendlines, creating the flag structure.

Yesterday, XRP broke out of this pattern, signaling that bulls have seized control of the market. If this momentum persists, XRP’s price could surpass $1.50, potentially approaching the $2 threshold.

XRP 4-Hour Analysis. Source: TradingView

However, this bullish scenario hinges on market behavior. If holders decide to secure profits, selling pressure could push XRP’s price below $1, erasing recent gains.

Disclaimer

In line with the Trust Project guidelines, this price analysis article is for informational purposes only and should not be considered financial or investment advice. BeInCrypto is committed to accurate, unbiased reporting, but market conditions are subject to change without notice. Always conduct your own research and consult with a professional before making any financial decisions. Please note that our Terms and Conditions, Privacy Policy, and Disclaimers have been updated.




Dogecoin (DOGE) Shows Renewed Energy: Rally Incoming?


Dogecoin is consolidating gains above the $0.380 resistance against the US Dollar. DOGE is holding gains and eyeing more upsides above $0.400.

  • DOGE price started a fresh increase above the $0.3750 resistance level.
  • The price is trading above the $0.3800 level and the 100-hourly simple moving average.
  • There was a break above a short-term contracting triangle with resistance at $0.390 on the hourly chart of the DOGE/USD pair (data source from Kraken).
  • The price could continue to rally if it clears the $0.400 and $0.4080 resistance levels.

Dogecoin Price Eyes More Upsides

Dogecoin price remained supported above the $0.350 level and recently started a fresh increase like Bitcoin and Ethereum. DOGE was able to clear the $0.3650 and $0.3750 resistance levels.

The price climbed above the 50% Fib retracement level of the downward move from the $0.4208 swing high to the $0.3652 low. Besides, there was a break above a short-term contracting triangle with resistance at $0.390 on the hourly chart of the DOGE/USD pair.

Dogecoin price is now trading above the $0.3750 level and the 100-hourly simple moving average. Immediate resistance on the upside is near the $0.3950 level or the 61.8% Fib retracement level of the downward move from the $0.4208 swing high to the $0.3652 low.

The first major resistance for the bulls could be near the $0.400 level. The next major resistance is near the $0.4080 level. A close above the $0.4080 resistance might send the price toward the $0.4200 resistance. Any more gains might send the price toward the $0.4500 level. The next major stop for the bulls might be $0.500.

Are Dips Supported In DOGE?

If DOGE’s price fails to climb above the $0.400 level, it could start a downside correction. Initial support on the downside is near the $0.3850 level. The next major support is near the $0.3750 level.

The main support sits at $0.3550. If there is a downside break below the $0.3550 support, the price could decline further. In the stated case, the price might decline toward the $0.3200 level or even $0.300 in the near term.

Technical Indicators

Hourly MACD – The MACD for DOGE/USD is now gaining momentum in the bullish zone.

Hourly RSI (Relative Strength Index) – The RSI for DOGE/USD is now above the 50 level.

Major Support Levels – $0.3850 and $0.3750.

Major Resistance Levels – $0.4000 and $0.4200.




Solana Hits New All-Time High After 3 Years


On Friday, Solana (SOL) soared to a new all-time high (ATH), now trading at approximately $261. This breakthrough surpasses its previous peak set in November 2021.

Solana’s rise to a new ATH marks an increase of over 32 times from its lows recorded in December 2022.

Solana Hits All-Time High as Gary Gensler Plans Resignation

Solana’s path to this new high has been anything but smooth. After reaching its previous high in 2021, the platform faced a downturn in 2022 amid a broader crypto bear market, further exacerbated by technical issues and network downtimes.

The collapse of FTX in November 2022 pushed Solana’s price down to around $8.

Solana Price Performance. Source: BeInCrypto

However, Solana has since made a remarkable recovery, increasing more than 32-fold from its low. Now, Solana enthusiasts believe that SOL could eventually outpace Ethereum (ETH) in market capitalization.

“Solana has been at an all-time high by market cap for a while actually. Now, we’re finally in price discovery. The flippening is coming,” Birch, the founder of PathCrypto, said.

The surge in Solana’s market value coincides with the news of SEC Chairman Gary Gensler’s planned resignation, slated for January 20, 2025, as Donald Trump assumes office.

Known for his strict regulatory stance on cryptocurrencies, Gensler’s departure signals a potential shift toward a more crypto-friendly administration. Consequently, this political change is stoking speculations about the approval of a Solana exchange-traded fund (ETF). According to Fox Business journalist Eleanor Terrett, the SEC has begun engaging with issuers to explore the possibility of a Solana ETF.

“Talks between SEC staff and issuers looking to launch a Solana spot ETF are “progressing” with the SEC now engaging on S-1 applications. Recent engagement from staff, coupled with the incoming pro-crypto administration, is sparking a renewed sense of optimism that a Solana ETF could be approved sometime in 2025,” Terrett claimed.

Previous efforts to launch a Solana ETF were stalled by regulatory roadblocks, often stopping early in the process. However, the changing political environment and the SEC’s increased openness have reignited hopes within the crypto community. Recent filings for a Solana ETF by Canary Capital and BitWise reflect a growing interest and anticipation for regulatory approval.

Despite these encouraging developments, the odds of a Solana ETF approval in 2024 remain low, with Polymarket estimates placing it at around 4%.

Odds of Solana ETF Approval in 2024. Source: Polymarket

Meanwhile, the crypto community is also closely watching Bitcoin as it approaches the highly anticipated $100,000 mark. On Friday, Bitcoin recorded a new high of about $99,300. This milestone is viewed as a pivotal moment for Bitcoin and could impact other cryptocurrencies, including Solana.

Disclaimer

In adherence to the Trust Project guidelines, BeInCrypto is committed to unbiased, transparent reporting. This news article aims to provide accurate, timely information. However, readers are advised to verify facts independently and consult with a professional before making any decisions based on this content. Please note that our Terms and Conditions, Privacy Policy, and Disclaimers have been updated.




Copyright © 2024 coin2049.io