FixedFloat Exchange Hacked for $26 Million in Bitcoin and Ethereum as Security Gaps Exposed

By /
LinkedInMessengerRedditTelegramThreadsWhatsApp

The cryptocurrency community grapples with yet another major security breach on February 18, 2024, as decentralized exchange FixedFloat confirms a hack resulting in the theft of approximately $26.1 million worth of Bitcoin and Ethereum. The incident raises fresh concerns about the security of non-custodial trading platforms and the persistent vulnerabilities in the broader crypto ecosystem, even as Bitcoin consolidates above $52,000 and market sentiment remains firmly in greed territory.

TL;DR

  • FixedFloat hacked for $26.1 million: 409 BTC ($21.1M) and 1,728 ETH ($4.85M) stolen
  • The exchange initially dismissed user complaints as “minor technical problems” before confirming the exploit
  • Blockchain security researchers track stolen funds being laundered through eXch.cx and HitBTC
  • FixedFloat is known for its no-KYC, no-registration policy — a feature that ironically makes it popular with hackers
  • The hack occurs as the global crypto market cap stands at $1.96 trillion with a Fear and Greed Index reading of “Greed”

The FixedFloat Exploit: What Happened

On February 17, 2024, users of FixedFloat began reporting that their transactions were not being processed. The exchange, which facilitates automated cryptocurrency swaps without requiring user registration or Know Your Customer verification, initially attributed the disruptions to routine maintenance. The team switched the platform to maintenance mode and assured users that the issues were minor.

However, on-chain data told a dramatically different story. Blockchain monitoring services identified a suspicious address that drained 409 Bitcoin from FixedFloat’s wallets, worth approximately $21.1 million at the time. Simultaneously, an attacker siphoned 1,728 Ether from the platform’s Ethereum reserves, valued at around $4.85 million. The total losses quickly mounted to $26.1 million.

Cyvers Alerts, a blockchain security monitoring service, was among the first to flag the suspicious activity, tracing the Ethereum-side exploit from FixedFloat’s wallet to an attacker-controlled address and then to the eXch exchange. The full extent of the breach became clear as on-chain investigators pieced together the timeline of the attack.

FixedFloat Confirms the Hack

After hours of user complaints and growing on-chain evidence, FixedFloat finally issued a public statement on February 18 acknowledging the breach. “We confirm that there was indeed a hack and theft of funds,” the exchange posted on social media. “We are not yet ready to make public comments on this matter, as we are working to eliminate all possible vulnerabilities, improve security, and investigate.”

The delayed disclosure drew criticism from the crypto community, with many users questioning why the exchange did not immediately alert customers to the potential compromise. The initial response — characterizing the disruption as minor technical problems — left affected users in the dark about the true nature of the incident during critical hours when stolen funds were already being moved.

Blockchain security researchers, including independent investigator Somaxbt, tracked the attacker laundering the stolen funds through at least two cryptocurrency exchanges: eXch.cx and HitBTC. The movement of funds through these platforms suggests an effort to obscure the trail and convert the stolen assets into other cryptocurrencies or fiat.

The Irony of FixedFloat’s No-KYC Model

The hack carries a deeply ironic dimension. FixedFloat has long been a popular tool for cybercriminals seeking to launder stolen cryptocurrency, precisely because of its no-registration, no-KYC policy. The platform’s ease of use and anonymity features made it an attractive option for bad actors looking to quickly swap stolen assets across different blockchains.

In a notable previous case, a hacker who stole approximately $3 million worth of Avalanche’s native token AVAX from the Web3 social media app Stars Arena in October 2023 used FixedFloat to launder the proceeds. The exchange’s role as both victim and facilitator of crypto crime highlights the complex challenges that regulators and security professionals face in the decentralized finance ecosystem.

The incident is likely to intensify regulatory scrutiny of non-custodial exchanges and automated swap services. As global regulators increasingly focus on anti-money laundering and counter-terrorism financing measures within the crypto industry, platforms like FixedFloat that operate without KYC requirements face growing pressure to implement stronger safeguards — or risk being targeted for enforcement action.

Market Resilience Despite the Breach

Despite the significant hack, the broader cryptocurrency market shows remarkable resilience. Bitcoin holds steady above $52,000, with analysts characterizing the price action as consolidation rather than a sign of weakness. The global cryptocurrency market capitalization stands at approximately $1.96 trillion, reflecting a 0.9% increase over the previous day. The Cryptocurrency Fear and Greed Index flashes “Greed,” indicating that investor sentiment remains strongly positive even in the face of yet another security incident.

This market resilience suggests that the crypto ecosystem has matured to the point where individual exchange hacks, while still significant, no longer trigger the kind of panic-driven sell-offs that characterized earlier market cycles. However, the FixedFloat incident serves as a stark reminder that security remains a fundamental challenge for the industry.

Why This Matters

The FixedFloat hack underscores a persistent tension in the cryptocurrency space: the trade-off between accessibility and security. Non-custodial, no-KYC platforms offer genuine utility for privacy-conscious users, but they also create fertile ground for exploitation by malicious actors. The fact that FixedFloat itself became a victim of the very anonymity features that made it attractive to criminals illustrates the double-edged nature of decentralized finance.

For regulators, the incident adds fuel to the argument that minimum security and compliance standards should apply to all cryptocurrency service providers, regardless of their operational model. For users, it serves as a reminder that even platforms designed for privacy and autonomy carry real risks, and that due diligence remains essential in the crypto space. As the market continues its upward trajectory, the security challenge is one that the industry must solve if it hopes to sustain its current momentum.

Disclaimer: This article is for informational purposes only and does not constitute financial advice. Cryptocurrency investments carry significant risk. Always conduct your own research before making investment decisions.

🌱 FOR BUSINESSES BitcoinsNews.com
Reach 100K+ Crypto Readers
Sponsored content, press releases, banner ads, and newsletter placements. Put your brand in front of Bitcoin's most engaged audience.

4 thoughts on “FixedFloat Exchange Hacked for $26 Million in Bitcoin and Ethereum as Security Gaps Exposed”

  2. Kenji Kovalenko

    409 BTC and 1,728 ETH stolen and they initially called it “minor technical problems.” Classic cover-your-ass move.

    Reply
  3. 0xfixedflop.eth

    stolen funds moving through eXch.cx and HitBTC within hours. the laundering infrastructure is as efficient as the hacks themselves smh

    Reply

Leave a Comment

Your email address will not be published. Required fields are marked *

BTC$80,790.00-1.8%ETH$2,325.06-3.6%SOL$89.02-0.6%BNB$647.59+0.0%XRP$1.41-2.7%ADA$0.2667-1.6%DOGE$0.1109-4.5%DOT$1.31-0.9%AVAX$9.55-1.9%LINK$9.98-1.9%UNI$3.46-1.9%ATOM$1.92-1.3%LTC$56.82-1.5%ARB$0.1272+1.9%NEAR$1.47+1.8%FIL$1.09-2.8%SUI$0.9869-3.9%BTC$80,790.00-1.8%ETH$2,325.06-3.6%SOL$89.02-0.6%BNB$647.59+0.0%XRP$1.41-2.7%ADA$0.2667-1.6%DOGE$0.1109-4.5%DOT$1.31-0.9%AVAX$9.55-1.9%LINK$9.98-1.9%UNI$3.46-1.9%ATOM$1.92-1.3%LTC$56.82-1.5%ARB$0.1272+1.9%NEAR$1.47+1.8%FIL$1.09-2.8%SUI$0.9869-3.9%
Scroll to Top