Cryptocurrency exchange FixedFloat has been hit by its second security breach in less than two months, with blockchain security firms reporting that approximately $2.8 million was drained from the platform’s hot wallet on the Ethereum chain. The attack, detected early on April 2, 2024, was carried out by the same threat actors responsible for a far larger $26 million hack in February.
The Exploit Mechanics
According to on-chain analysis from Cyvers Alerts, approximately $2.8 million was withdrawn from FixedFloat’s hot wallet on the Ethereum blockchain. The stolen funds included ETH, USDT, WETH, DAI, and USDC, which were immediately converted into Ether through decentralized exchanges before being funneled into the eXch exchange for laundering. CertiK estimated total losses at around $3 million.
FixedFloat confirmed that the attackers exploited a vulnerability in a third-party service provider rather than breaching the exchange’s own infrastructure directly. “The attackers did not stop there and continued to use various methods to try to hack our service again,” the team stated. “Thanks to the enormous work done to improve the security of our infrastructure, we were able to repel some of the attacks, but the exploiters discovered a vulnerability of a third party whose services we use.”
Affected Systems
The compromised hot wallet was the primary system affected. Following the suspicious transactions, FixedFloat immediately ceased hot wallet operations and took the platform’s website into maintenance mode. The exchange reassured users that only company-owned liquidity funds were stolen and that user funds were not impacted.
In a rapid response, Tether blacklisted seven wallet addresses that received a combined $280,000 in USDT from the compromised exchange. Blockchain security firm PeckShield identified and flagged these addresses as part of the broader theft. The February attack had also targeted FixedFloat’s Bitcoin and Ethereum holdings, resulting in a much larger $26 million loss.
The Mitigation Strategy
FixedFloat’s response included several immediate measures. The hot wallet was taken offline, the website entered maintenance mode, and an investigation was launched in coordination with blockchain analytics firms. Tether’s proactive freezing of seven addresses demonstrates the growing role that stablecoin issuers play in crisis response, effectively preventing a portion of stolen funds from being cashed out.
The exchange noted that while attacks on third-party service providers are beyond its direct control, additional security measures are being implemented to prevent similar incidents. However, the fact that the same attacker group successfully breached the platform twice within seven weeks raises serious questions about the adequacy of these improvements.
Lessons Learned
This incident highlights the persistent risk of supply chain and third-party vulnerabilities in cryptocurrency infrastructure. Even when an exchange hardens its own systems, dependencies on external service providers create attack surfaces that remain outside the platform’s direct control. The broader crypto industry lost $187 million to hacks in March 2024 alone, though approximately $99 million of that was eventually recovered.
The rapid response from Tether in blacklisting addresses shows that stablecoin issuers have become an important line of defense in crypto security. However, the effectiveness of such measures depends on speed — funds converted to ETH and moved to external exchanges become far harder to recover.
User Action Required
FixedFloat users should monitor their accounts for any unauthorized activity and enable all available security features, including two-factor authentication. Users who maintain funds on any centralized exchange should consider the security implications of hot wallet storage and evaluate whether cold storage alternatives better suit their risk tolerance. Given that this is the second breach at the same platform within weeks, users may also want to assess whether continuing to use FixedFloat aligns with their security expectations.
same group, same method, twice in two months. at what point do you just shut down and rebuild everything from scratch
third party vulnerability is the classic "it wasn't us" excuse. you chose the vendor, you own the risk
eXch again. that exchange has become the go-to laundering spot for every hack in crypto
$2.8M on top of the $26M from February. wonder how many users are left who still trust this platform