Market

The Survival Story of FixedFloat


In February, the decentralized cryptocurrency exchange FixedFloat experienced a drainer attack, resulting in the loss of over $26 million worth of Bitcoin (BTC) and Ethereum (ETH). By late March, the exchange suffered a second exploit, leading to an additional loss of $2.8 million.

A few months later, FixedFloat shared the details of these incidents and ongoing investigation with BeInCrypto.

FixedFloat has been hacked twice this year. How did this happen?

The first hack occurred on the night of February 16-17. This was an external attack caused by vulnerabilities in our security structure. A hacker exploited a vulnerability in our security and was able to gain access to some of FixedFloat’s functions. The second breach took place on March 31, where the hacker exploited a vulnerability in a third-party service we were using at the time.

Was the second hack committed by the same hacker who committed the previous hack, or was it a different attacker?

We believe the same hacker committed both hacks because the attacks originated from the same IP address. We cannot provide all the details at the moment. However, we can report that hackers possess a large number of compromised servers.

On some of these servers, they have deployed the infrastructure for attacks. They likely did not store evidence on their own devices, instead using third-party servers. The hackers utilized numerous unique IP addresses; however, some were used to launch both attacks.

Do you have information about who exactly is behind the hacks?

We have been using Time4VPS hosting for a long time. This is a fairly large web hosting provider in Europe, operating since 2012. We chose Time4VPS for our purposes, since this hosting offers fairly cheap servers with low performance. This was a convenient and profitable option for implementing some technical solutions at the initial stage of development of our project.

Over the past years, we have migrated our subservers and wallets. At the beginning of 2024, several low-power nodes with wallets and some subsystems remained on the Time4VPS server. After the first hack, the hacker discovered the IP address of one of our technical servers rented from Time4VPS.

How did the hacker use the information?

The hacker logged into all our servers, rented from Time4VPS hosting, simultaneously, despite knowing only one IP address. We immediately changed all passwords on servers and accounts, but the hacker quickly changed the passwords again. We found a solution to prevent server authorization and started transitioning from this hosting provider.

However, the hacker gained access to all hoster functions, including global access to all servers, rendering our solutions ineffective. The hacker changed the account email to an invalid one, preventing us from logging in or receiving password change notifications. They connected to the servers without authorization.

At this point, we realized the need to destroy the servers and remove them from the whitelists immediately. Our delay in doing so allowed the hacker to send requests that enabled them to steal funds.

Peckshield Report on First Hack. Source: Peckshield

Have you contacted Time4VPS support?

On March 31, immediately after discovering unauthorized access to our servers, we contacted Time4VPS to report the hack. We were extremely surprised by their inaction. Technical support informed us that the technicians had the day off and could not assist us. The following day, the Time4VPS team remained inactive. They merely advised us to change the passwords on our account.

We eventually convinced them to verify that certain actions could not be performed through their personal account. Only then did they confirm the hack and promise to provide a report on the incident the next day.

Have you received a hack report from Time4VPS?

More than three months have passed, and there is still no report from Time4VPS. Instead, they requested that we provide some documents through their system. We refused because Time4VPS representatives have not confirmed that they found and fixed the vulnerability. Their demands have created the risk of another information leak.

We agreed to cooperate only with the direct involvement of law enforcement or after they confirmed the vulnerability had been corrected. Additionally, our lawyer was prepared to provide the necessary documents directly at the company’s office to receive reports and assistance. However, Time4VPS management rejected this offer.

Why do you think Time4VPS was inactive at the time of the hack and did not provide assistance after it?

We do not exclude the possibility that a hoster’s employee could have facilitated the hacking. However, we are more inclined to believe that Time4VPS and the Lithuanian company behind it are simply careless. We believe the hoster’s critical vulnerabilities remain unfixed, leaving all their clients’ data unprotected from hacker attacks.

Did the hack impact your customers?

This incident caused problems not only for us but also for our users. As soon as we detected the hack, we turned off FixedFloat and suspended all ongoing exchanges.

FixedFloat is an automated, non-custodial, centralized cryptocurrency exchange service, so we don’t store our users’ funds. Additionally, FixedFloat is not a cryptocurrency mixer. We send funds to exchanges only from our addresses, and this information is public.

Due to the hack, we had obligations to clients who made exchanges at that time. We have since fulfilled all obligations to our users, and completed all orders that stopped due to the service outage. Only our service suffered from the hacking and theft of funds.

What measures did you take after the hack?

The first breach was due to a security vulnerability, which we have since fixed. Unfortunately, we did not anticipate an attack from third parties. Following the second hack, our service was under maintenance for over two months. During this period, our specialists worked extensively to enhance our infrastructure and protect against such attacks.

We have radically revised our security system. This included conducting a comprehensive audit, implementing additional security measures, and improving our threat detection and prevention systems.

Have you completed the technical work?

Yes, FixedFloat has resumed operations. Most cryptocurrencies are already available for exchange, and our specialists are working on adding new currencies. We have been providing high-quality, convenient, and fast cryptocurrency exchange services for six years, and we intend to continue our work.

From a hack survivor's perspective, can you give a few recommendations to other platforms and their users on how to increase security?

As a service that has experienced two hacks for different reasons, we’d recommend the following:

  • Conduct frequent audits of your security systems. Identify and address all vulnerabilities promptly.
  • Plan for Provider Vulnerabilities. The second hack exploited a vulnerability in our hosting provider, Time4VPS. Platforms should anticipate such scenarios and have a robust procedure for dealing with service provider hacks.
  • Always prioritize user safety. Implement strict security measures and protocols to protect user data and funds.

What steps are you taking to regain the trust of your users following these accidents?

We are actively engaging with our users through various communication channels, including social networks and forums. This allows us to inform them about the changes we have made. Currently, not all users are aware that FixedFloat has resumed operations, but we are working to spread this information.

We understand that many were concerned about the hack’s impact on our users. However, we emphasize that we are a non-custodial service and do not store user funds. Orders that were not fulfilled due to the emergency shutdown have been completed. At present, we have no financial obligations to our users.

Disclaimer

In compliance with the Trust Project guidelines, this opinion article presents the author’s perspective and may not necessarily reflect the views of BeInCrypto. BeInCrypto remains committed to transparent reporting and upholding the highest standards of journalism. Readers are advised to verify information independently and consult with a professional before making decisions based on this content. Please note that our Terms and Conditions, Privacy Policy, and Disclaimers have been updated.



Polymarket Faces Ban in France as US Election Betting Ends


According to a report from The Big Whale, the National Gaming Authority (ANJ), France’s gambling regulator, is preparing to block the prediction markets platform Polymarket.

Polymarket, the decentralized platform that allows users to bet on the outcome of political events, sports, and other occurrences using cryptocurrency, has gained popularity in recent months, especially with bets surrounding the US presidential election. More than $3.2 billion was reportedly wagered on the platform during this high-stakes period, with a record-breaking $294 million in volume on November 5 alone.

France Users May No Longer Access Polymarket

According to The Big Whale, a French website that covers the crypto industry, the ANJ’s impending ban comes after a French trader placed a $30 million bet on a Trump victory, reportedly attracting the regulator’s scrutiny.

The trader’s wager positioned him to make approximately $19 million in profits, a sum that has intensified concerns over Polymarket’s compliance with French gambling laws. A source close to the ANJ stated that despite Polymarket’s use of blockchain and cryptocurrency, its activities are akin to gambling, making it subject to restrictions under French law.

“We are aware of this site and we are currently examining its operation as well as its compliance with French gambling legislation,” The Big Whale reported, citing an ANJ spokesperson.

Legal expert William O’Rorke from ORWL Avocats explained that although Polymarket does not specifically target French users, its activities fall squarely under gambling regulations.

“Polymarket involves betting money on uncertain outcomes, which aligns with the legal definition of gambling,” O’Rorke noted.

Against this backdrop, the ANJ is well within its mandate to block the platform’s access in France. Accordingly, the French regulator may enforce the ban by blocking Polymarket’s domain name in France. It may also pressure third-party players, like media outlets and online directories, to limit access to Polymarket links.

However, French users may still circumvent this by using virtual private networks (VPNs). This is because Polymarket’s crypto-based infrastructure allows for relatively anonymous participation.

France’s looming ban is not the first regulatory roadblock Polymarket has encountered. In 2022, the US Commodity Futures Trading Commission (CFTC) fined Polymarket $1.4 million for failing to register as a designated contract market. The CFTC also challenged Kalshi’s operations due to questions about betting on political events.

Polymarket’s Fate After US Elections

Meanwhile, the US election was a significant catalyst for Polymarket. It drove the platform to new heights in user engagement and bet volume. Polymarket’s election-related markets have been featured on major financial platforms, including Bloomberg, highlighting the platform’s appeal to mainstream finance.

As BeInCrypto reported, Polymarket’s election betting topped $3 billion, reflecting unprecedented participation. The platform, however, faces a crossroads in its path forward. Following the climax of the US election on Wednesday, data from Dune Analytics shows a steep decline in Polymarket’s activity.

Daily active addresses and transaction volumes, which soared in the election lead-up, have notably dwindled as election-related betting winds down. For instance, Polymarket’s open interest, a key indicator of active betting engagement, dropped from $350 million to $268 million after the polls closed. Similarly, monthly new accounts have also dropped by over 41% between October and November.

Polymarket Monthly New Accounts. Source: Dune

Against this backdrop, Polymarket may need to diversify its market offerings or potentially embrace a new model to maintain user interest, given that election-related activity comprised the majority of the prediction market’s volume.

Rumors are circulating about a potential move toward a decentralized governance token, which could distribute control over Polymarket’s operations to its community. This shift would reduce the liability of the central authority by decentralizing decision-making, though it remains theoretical, with no clear timeline.

Polymarket’s fast ascent and regulatory challenges highlight broader industry tensions between innovation and compliance. With election predictions no longer a draw and an impending ban in France, Polymarket’s future remains uncertain.

Its long-term viability may depend on how well it adapts to evolving regulatory landscapes and whether it can maintain popularity beyond election season peaks.

Disclaimer

In adherence to the Trust Project guidelines, BeInCrypto is committed to unbiased, transparent reporting. This news article aims to provide accurate, timely information. However, readers are advised to verify facts independently and consult with a professional before making any decisions based on this content. Please note that our Terms and Conditions, Privacy Policy, and Disclaimers have been updated.



XRP Price Ready to Rally? Signs Point to a Bullish Move


Aayush Jindal is a luminary in the world of financial markets whose expertise spans over 15 illustrious years in the realms of Forex and cryptocurrency trading. Renowned for his unparalleled proficiency in providing technical analysis, Aayush is a trusted advisor and senior market expert to investors worldwide, guiding them through the intricate landscapes of modern finance with his keen insights and astute chart analysis.

From a young age, Aayush exhibited a natural aptitude for deciphering complex systems and unraveling patterns. Fueled by an insatiable curiosity for understanding market dynamics, he embarked on a journey that would lead him to become one of the foremost authorities in the fields of Forex and crypto trading. With a meticulous eye for detail and an unwavering commitment to excellence, Aayush honed his craft over the years, mastering the art of technical analysis and chart interpretation.
As a software engineer, Aayush harnesses the power of technology to optimize trading strategies and develop innovative solutions for navigating the volatile waters of financial markets. His background in software engineering has equipped him with a unique skill set, enabling him to leverage cutting-edge tools and algorithms to gain a competitive edge in an ever-evolving landscape.

In addition to his roles in finance and technology, Aayush serves as the director of a prestigious IT company, where he spearheads initiatives aimed at driving digital innovation and transformation. Under his visionary leadership, the company has flourished, cementing its position as a leader in the tech industry and paving the way for groundbreaking advancements in software development and IT solutions.

Despite his demanding professional commitments, Aayush is a firm believer in the importance of work-life balance. An avid traveler and adventurer, he finds solace in exploring new destinations, immersing himself in different cultures, and forging lasting memories along the way. Whether he’s trekking through the Himalayas, diving in the azure waters of the Maldives, or experiencing the vibrant energy of bustling metropolises, Aayush embraces every opportunity to broaden his horizons and create unforgettable experiences.

Aayush’s journey to success is marked by a relentless pursuit of excellence and a steadfast commitment to continuous learning and growth. His academic achievements are a testament to his dedication and passion for excellence, having completed his software engineering with honors and excelling in every department.

At his core, Aayush is driven by a profound passion for analyzing markets and uncovering profitable opportunities amidst volatility. Whether he’s poring over price charts, identifying key support and resistance levels, or providing insightful analysis to his clients and followers, Aayush’s unwavering dedication to his craft sets him apart as a true industry leader and a beacon of inspiration to aspiring traders around the globe.

In a world where uncertainty reigns supreme, Aayush Jindal stands as a guiding light, illuminating the path to financial success with his unparalleled expertise, unwavering integrity, and boundless enthusiasm for the markets.



Solana (SOL) Rallies Strongly, Setting Sights on $200


Solana started a fresh increase above the $172 support zone. SOL price is rising and might soon aim for a move toward the $200 level.

  • SOL price started a fresh increase after it settled above the $165 level against the US Dollar.
  • The price is now trading above $172 and the 100-hourly simple moving average.
  • There was a break above a key bearish trend line with resistance at $162 on the hourly chart of the SOL/USD pair (data source from Kraken).
  • The pair could continue to rise if it clears the $192 resistance zone.

Solana Price Starts Fresh Rally

Solana price formed a support base and started a fresh increase above the $162 level like Bitcoin and Ethereum. There was a strong move above the $165 and $172 resistance levels.

There was a break above a key bearish trend line with resistance at $162 on the hourly chart of the SOL/USD pair. The price even cleared the $185 level. A high is formed at $192 and the price is now consolidating gains. It is trading above the 23.6% Fib retracement level of the upward move from the $155 swing low to the $192 high.

Solana is now trading above $172 and the 100-hourly simple moving average. On the upside, the price is facing resistance near the $192 level. The next major resistance is near the $195 level.

The main resistance could be $200. A successful close above the $200 resistance level could set the pace for another steady increase. The next key resistance is $212. Any more gains might send the price toward the $220 level.

Another Dip in SOL?

If SOL fails to rise above the $192 resistance, it could start a downside correction. Initial support on the downside is near the $188 level. The first major support is near the $180 level.

A break below the $180 level might send the price toward the $172 zone or the 50% Fib retracement level of the upward move from the $155 swing low to the $192 high. If there is a close below the $172 support, the price could decline toward the $165 support in the near term.

Technical Indicators

Hourly MACD – The MACD for SOL/USD is gaining pace in the bullish zone.

Hourly RSI (Relative Strength Index) – The RSI for SOL/USD is above the 50 level.

Major Support Levels – $188 and $185.

Major Resistance Levels – $192 and $200.



Copyright © 2024 coin2049.io