Market
The Survival Story of FixedFloat
In February, the decentralized cryptocurrency exchange FixedFloat experienced a drainer attack, resulting in the loss of over $26 million worth of Bitcoin (BTC) and Ethereum (ETH). By late March, the exchange suffered a second exploit, leading to an additional loss of $2.8 million.
A few months later, FixedFloat shared the details of these incidents and ongoing investigation with BeInCrypto.
FixedFloat has been hacked twice this year. How did this happen?
The first hack occurred on the night of February 16-17. This was an external attack caused by vulnerabilities in our security structure. A hacker exploited a vulnerability in our security and was able to gain access to some of FixedFloat’s functions. The second breach took place on March 31, where the hacker exploited a vulnerability in a third-party service we were using at the time.
Was the second hack committed by the same hacker who committed the previous hack, or was it a different attacker?
We believe the same hacker committed both hacks because the attacks originated from the same IP address. We cannot provide all the details at the moment. However, we can report that hackers possess a large number of compromised servers.
On some of these servers, they have deployed the infrastructure for attacks. They likely did not store evidence on their own devices, instead using third-party servers. The hackers utilized numerous unique IP addresses; however, some were used to launch both attacks.
Do you have information about who exactly is behind the hacks?
We have been using Time4VPS hosting for a long time. This is a fairly large web hosting provider in Europe, operating since 2012. We chose Time4VPS for our purposes, since this hosting offers fairly cheap servers with low performance. This was a convenient and profitable option for implementing some technical solutions at the initial stage of development of our project.
Over the past years, we have migrated our subservers and wallets. At the beginning of 2024, several low-power nodes with wallets and some subsystems remained on the Time4VPS server. After the first hack, the hacker discovered the IP address of one of our technical servers rented from Time4VPS.
How did the hacker use the information?
The hacker logged into all our servers, rented from Time4VPS hosting, simultaneously, despite knowing only one IP address. We immediately changed all passwords on servers and accounts, but the hacker quickly changed the passwords again. We found a solution to prevent server authorization and started transitioning from this hosting provider.
However, the hacker gained access to all hoster functions, including global access to all servers, rendering our solutions ineffective. The hacker changed the account email to an invalid one, preventing us from logging in or receiving password change notifications. They connected to the servers without authorization.
At this point, we realized the need to destroy the servers and remove them from the whitelists immediately. Our delay in doing so allowed the hacker to send requests that enabled them to steal funds.
Have you contacted Time4VPS support?
On March 31, immediately after discovering unauthorized access to our servers, we contacted Time4VPS to report the hack. We were extremely surprised by their inaction. Technical support informed us that the technicians had the day off and could not assist us. The following day, the Time4VPS team remained inactive. They merely advised us to change the passwords on our account.
We eventually convinced them to verify that certain actions could not be performed through their personal account. Only then did they confirm the hack and promise to provide a report on the incident the next day.
Have you received a hack report from Time4VPS?
More than three months have passed, and there is still no report from Time4VPS. Instead, they requested that we provide some documents through their system. We refused because Time4VPS representatives have not confirmed that they found and fixed the vulnerability. Their demands have created the risk of another information leak.
We agreed to cooperate only with the direct involvement of law enforcement or after they confirmed the vulnerability had been corrected. Additionally, our lawyer was prepared to provide the necessary documents directly at the company’s office to receive reports and assistance. However, Time4VPS management rejected this offer.
Why do you think Time4VPS was inactive at the time of the hack and did not provide assistance after it?
We do not exclude the possibility that a hoster’s employee could have facilitated the hacking. However, we are more inclined to believe that Time4VPS and the Lithuanian company behind it are simply careless. We believe the hoster’s critical vulnerabilities remain unfixed, leaving all their clients’ data unprotected from hacker attacks.
Did the hack impact your customers?
This incident caused problems not only for us but also for our users. As soon as we detected the hack, we turned off FixedFloat and suspended all ongoing exchanges.
FixedFloat is an automated, non-custodial, centralized cryptocurrency exchange service, so we don’t store our users’ funds. Additionally, FixedFloat is not a cryptocurrency mixer. We send funds to exchanges only from our addresses, and this information is public.
Due to the hack, we had obligations to clients who made exchanges at that time. We have since fulfilled all obligations to our users, and completed all orders that stopped due to the service outage. Only our service suffered from the hacking and theft of funds.
What measures did you take after the hack?
The first breach was due to a security vulnerability, which we have since fixed. Unfortunately, we did not anticipate an attack from third parties. Following the second hack, our service was under maintenance for over two months. During this period, our specialists worked extensively to enhance our infrastructure and protect against such attacks.
We have radically revised our security system. This included conducting a comprehensive audit, implementing additional security measures, and improving our threat detection and prevention systems.
Have you completed the technical work?
Yes, FixedFloat has resumed operations. Most cryptocurrencies are already available for exchange, and our specialists are working on adding new currencies. We have been providing high-quality, convenient, and fast cryptocurrency exchange services for six years, and we intend to continue our work.
From a hack survivor perspective, can you give a few recommendations to other platforms and its users on how to increase security?
As a service that has experienced two hacks for different reasons, we’d recommend the following:
- Conduct frequent audits of your security systems. Identify and address all vulnerabilities promptly.
- Plan for Provider Vulnerabilities. The second hack exploited a vulnerability in our hosting provider, Time4VPS. Platforms should anticipate such scenarios and have a robust procedure for dealing with service provider hacks.
- Always prioritize user safety. Implement strict security measures and protocols to protect user data and funds.
What steps are you taking to regain the trust of your users following these accidents?
We are actively engaging with our users through various communication channels, including social networks and forums. This allows us to inform them about the changes we have made. Currently, not all users are aware that FixedFloat has resumed operations, but we are working to spread this information.
We understand that many were concerned about the hack’s impact on our users. However, we emphasize that we are a non-custodial service and do not store user funds. Orders that were not fulfilled due to the emergency shutdown have been completed. At present, we have no financial obligations to our users.
Disclaimer
In compliance with the Trust Project guidelines, this opinion article presents the author’s perspective and may not necessarily reflect the views of BeInCrypto. BeInCrypto remains committed to transparent reporting and upholding the highest standards of journalism. Readers are advised to verify information independently and consult with a professional before making decisions based on this content. Please note that our Terms and Conditions, Privacy Policy, and Disclaimers have been updated.
According to a new report from Pine Analytics, token deployers on Pump.fun systematically funded sniper wallets to buy their own meme coins. This impacted over 15,000 token launches on the platform.
These sniper wallets operated primarily during US trading hours, executing standardized, profitable strategies. Unrelated bot activity obscures their behavior, making it extremely difficult to isolate these wallets—and they can readily adapt to new countermeasures.
Snipers Roam Free on Pump.fun Meme Coins
Pump.fun has remained one of the most popular meme coin launchpads on Solana despite persistent controversies and other criticism.
However, Pine Analytics’ new report has uncovered a new controversy, discovering systematic market manipulation on the platform. These snipes include as much as 1.75% of all launch activity on Pump.fun.
“Our analysis reveals that this tactic is not rare or fringe — over the past month alone, more than 15,000 SOL in realized profit was extracted through this method, across 15,000+ launches involving 4,600+ sniper wallets and 10,400+ deployers. These wallets demonstrate unusually high success rates (87% of snipes were profitable), clean exits, and structured operational patterns,” it claimed.
Solana meme coin deployers on Pump.fun follow a consistent pattern. They fund one or more sniper wallets and grant them advance notice of upcoming token launches.
Those wallets purchase tokens in the very first block and then liquidate almost immediately—85% within five minutes and 90% in just one or two swap events.
Pump.fun meme coin developers exploit this tactic to create the appearance of immediate demand for their tokens. Retail investors, unaware of the prior sell‑off, often purchase these tokens after the snipe, giving developers an unfair advantage. This constitutes market manipulation and erodes trust in the platform.
Pine Analytics had to carefully calibrate its methods to identify genuine snipers. Apparently, 50% of meme coin launches on Pump.fun involve sniping, but most of this is probably bots using the “spray and pray” method.
However, by filtering out snipers with no direct links to developer wallets, the firm missed projects that covered their tracks through proxies and burners.
In other words, the meme coin community does not have adequate defenses against systematic abuse on Pump.fun. There are a few possible ways that the platform could flag repeat offenders and sketchy projects, but adaptive countermeasures could defeat them. This problem demands persistent and proactive action.
Unfortunately, it may be difficult to enact such policies. Meme coin sniping is so systematic that Pump.fun could only fight it with real commitment.
Analysts think that building an on-chain culture that rewards transparency over extraction is the best long-term solution. A shift like that would be truly seismic, and the meme coin sector might not survive it.
Disclaimer
In adherence to the Trust Project guidelines, BeInCrypto is committed to unbiased, transparent reporting. This news article aims to provide accurate, timely information. However, readers are advised to verify facts independently and consult with a professional before making any decisions based on this content. Please note that our Terms and Conditions, Privacy Policy, and Disclaimers have been updated.
Solana (SOL) continues to show strength across multiple fronts, maintaining a bullish structure on its Ichimoku Cloud chart while gaining momentum in key market metrics. The BBTrend indicator has turned higher again, signaling renewed buying pressure after a brief cooldown.
On-chain activity remains strong, with Solana leading all blockchains in DEX volume and dominating fee generation thanks to the explosive growth of meme coins and launchpad activity. With SOL now trading above a key resistance level, the path is open for further upside—though a loss of momentum could still trigger a retest of lower supports.
Solana Maintains Bullish Structure, but Momentum Faces Key Test
On Solana’s Ichimoku Cloud chart, the price is currently above the Kijun-sen (red base line) but has dipped below the Tenkan-sen (blue conversion line), signaling weakening short-term momentum.
The flattening Tenkan-sen and price behavior suggest possible consolidation or the early stages of a pullback. Still, with the price holding above the Kijun-sen, medium-term support remains intact.
The overall Ichimoku structure remains bullish, with a thick, rising cloud and leading span A well above span B—indicating strong underlying support.
If Solana finds support at the Kijun-sen and climbs back above the Tenkan-sen, the uptrend could regain strength; otherwise, a test of the cloud’s upper boundary may follow.
Meanwhile, Solana’s BBTrend is currently at 6, extending nearly ten days in positive territory after peaking at 17.5 on April 14. The recent increase from 4.26 to 6 suggests renewed bullish momentum following a brief cooldown.
BBTrend, or Bollinger Band Trend, tracks the strength of price movement based on Bollinger Band expansion.
Positive values like the current one point to an active uptrend, and if the BBTrend continues to rise, it could signal stronger momentum and potential for another upward move.
Solana Dominates DEX Volume and Fee Generation as Meme Coins Drive Ecosystem Growth
Solana has once again claimed the top spot among all chains in DEX volume, recording $15.15 billion over the past seven days. The combined total of Ethereum, BNB, Base, and Arbitrum reached $22.7 billion.
In the last 24 hours alone, Solana saw $1.67 billion in volume, largely fueled by its booming meme coin ecosystem and the ongoing launchpad battle between PumpFun and Raydium. Adding to this good momentum, Solana recently surpassed Ethereum in Staking Market Cap.
When it comes to application fees, Solana’s momentum is just as clear. Four of the top ten fee-generating apps over the past week—PumpFun, Jupiter, Jito, and Meteora—are Solana-focused.
Pump leads the pack with nearly $18 million in fees alone.
Solana Breaks Key Resistance as Uptrend Targets Higher Levels, but Risks Remain
Solana has finally broken above its key resistance at $136, flipping it into a new support level that was successfully tested just yesterday.
Its EMA lines remain aligned in a bullish setup, suggesting the uptrend is still intact.
If this momentum continues, SOL price could aim for the next resistance zones at $147 and $152—levels that, if breached, open the door to a potential move toward $179.
The current structure favors buyers, with higher lows and strong support reinforcing the trend.
However, if momentum fades, a retest of the $136 support is likely.
A breakdown below that level could shift sentiment, exposing Solana to deeper pullbacks toward $124 and even $112.
Disclaimer
In line with the Trust Project guidelines, this price analysis article is for informational purposes only and should not be considered financial or investment advice. BeInCrypto is committed to accurate, unbiased reporting, but market conditions are subject to change without notice. Always conduct your own research and consult with a professional before making any financial decisions. Please note that our Terms and Conditions, Privacy Policy, and Disclaimers have been updated.
According to a new report, 15 firms and individuals from the crypto industry donated more than $100,000 to President Trump’s Inauguration, totaling over $85 million.
Almost all of these companies apparently received direct or indirect benefits from Trump’s administration. This includes dropped legal proceedings, lucrative business partnerships, participation in Trump’s Crypto Summit, and more.
Crypto Industry Went All-In on Trump’s Inauguration
Since promising to bring friendlier regulations on the campaign trail, Donald Trump attracted a reputation as the Crypto President.
Trump’s Inauguration festivities included a “Crypto Ball,” and several prominent firms made donations for these events. Today, a report has compiled all crypto-related contributions of over $100,000, revealing some interesting facts.
Since taking office, President Trump and his family have been allegedly involved in prominent crypto controversies, and these donations may be linked to several of them.
For example, eight of the donors, Coinbase, Crypto.com, Uniswap, Yuga Labs, Kraken, Ripple, Robinhood, and Consensys, had SEC investigations or lawsuits against them closed since Trump’s term began.
The commission might have dropped its probe against these companies anyway due to its changing stance on crypto enforcement. However, being in the President’s good books likely helped the process.
Further Alleged Benefits for Donors
In other words, nearly half the firms that made donations to Trump’s Inauguration have seen their legal problems cleared up quickly. This isn’t the only regulation-related benefit they allegedly received.
Circle, for example, recently made an IPO after openly stating that Trump’s Presidency made it possible. Galaxy Digital received SEC approval for a major reorganization, a key step for a NASDAQ listing.
Other donors, such as Crypto.com and ONDO, got more direct financial partnerships with businesses associated with the Trump family.
Previously, Ripple’s CEO, Brad Garlinghouse, anticipated a crypto bull market under Trump. Also, XRP, Solana, and Cardano were all unexpectedly included in the US Crypto Reserve announcement.
All three of these companies made major donations to Trump’s Inauguration.
It seems that most of the firms involved got at least some sort of noticeable benefit from these donations. Donors like Multicoin and Paradigm received invitations to Trump’s Crypto Summit, while much more prominent groups like the Ethereum Foundation got snubbed.
Meanwhile, various industry KOLs and community members have already alleged major corruption in Trump’s crypto connections.
While some allegations might lack substantial proof, the crypto space has changed dramatically under the new administration, for both good and bad.
Disclaimer
In adherence to the Trust Project guidelines, BeInCrypto is committed to unbiased, transparent reporting. This news article aims to provide accurate, timely information. However, readers are advised to verify facts independently and consult with a professional before making any decisions based on this content. Please note that our Terms and Conditions, Privacy Policy, and Disclaimers have been updated.
Report Alleges Massive Meme Coin Sniping on Pump.fun
Solana Leads Blockchain Metrics as SOL Momentum Builds
Crypto Firms Donated $85 million in Trump’s Inauguration
Ethereum to Emphasize Layer-1 Efficiency and UX in Upcoming Protocol Upgrades
XRP Surpasses Ethereum In This Major Metric After Outperforming For 6 Months
PumpFun Moves $13M SOL To Kraken as Solana Price Consolidates, What Next?
2.52 Million Altcoins Are Ruining Crypto’s Future
Animoca Brands Valuation Tanks 75% In Two Years, Here’s Why
Crypto exchange BingX hacked for $43 million
Are The Big Players Losing Interest?
Hong Kong’s Securities Association Tips Authorities On Crypto Self-Regulation
Coinbase cbBTC Set to go Live on Solana
2.52 Million Altcoins Are Ruining Crypto’s Future
Animoca Brands Valuation Tanks 75% In Two Years, Here’s Why
Crypto exchange BingX hacked for $43 million
Are The Big Players Losing Interest?
Hong Kong’s Securities Association Tips Authorities On Crypto Self-Regulation
