How Was Fixed Float Exploited?


Learn how Fixed Float was exploited, resulting in a loss of assets worth $26.53 million.

TL;DR

On February 16, 2024, Fixed Float was exploited on the Ethereum Mainnet and Bitcoin networks, resulting in a loss of 1,728 ETH, worth $5.054 million, and 409 BTC, worth $21.476 million, totaling approximately $26.53 million.

Introduction to Fixed Float

Fixed Float is a digital asset exchange platform that offers fast, secure, and non-custodial cryptocurrency swapping services.

Vulnerability Assessment

The root cause of the exploit is unknown at the time of this writing.

Incident Analysis

The exploiter on the Ethereum Mainnet drained approximately 1076.78 ETH and 650 ETH across multiple transactions.

This address of the exploiter was also involved in yet another asset transfer from a Binance Hot Wallet on the Polygon chain.

On Ethereum, the drainer has already transferred most of the stolen ETH to multiple EOAs and then to eXch, which is a centralized mixer, in order to obfuscate the trail of the stolen assets.


This address of the exploiter on Bitcoin made five transactions totaling 409.3 BTC, amounting to approximately $21.476 million:
5b77e01a8253b245d0ce3fd9fcfb3dffb88d49396c1a5553848cf1e05be08c68: 3.1 BTC worth $162,697
31538ae0e280c65f2b02916b32d83f4d6f281f2d867e641c274469b416e015c3: 3.1 BTC worth $162,776
0fdf2946694046d1109120c67bc8d0c96977aca2f1777dea7841d89a64e42260: 3.1 BTC worth $162,771
15f7ac31837c8dba597f46359857205df1c41573c4bb489b5a81fd058be5da6d: 200 BTC worth $10,494,338
9822616097948dab2048395c4d887dbb1f99273e5cc40de2d86639013588df41: 200 BTC worth $10,494,338

These stolen funds from the Bitcoin network were also sent to three different addresses:
bc1q04yvaefxyan4fuygsv4nr08pxet8ae426dxxf3: 170.85 BTC worth $8,959,341
bc1qp6gjx8par8e83lfqnem5q049x2qfpydfg27tjf: 38.45 BTC worth $2,016,253
bc1qmrqgrusknj7zzhh5r975a7d6espsukgts805ns: 199.99 BTC worth $10,487,662

Aftermath

Two days after the exploit and following the community disclosure, the team acknowledged the occurrence of the exploit. According to them, they are not yet ready to make public comments on the incident and will be working to investigate and eliminate all possible vulnerabilities. Their services are not available at the time of this writing.

Solution

In the wake of the Fixed Float exploit that led to the loss of a significant sum of digital assets, a multi-faceted approach is essential for addressing the breach and fortifying against future incidents. A thorough investigation into the incident is the first critical step, with Fixed Float needing to delve deep into their systems to unearth the exploit's origins and other potential vulnerabilities. This task could greatly benefit from the expertise of external cybersecurity specialists, providing fresh perspectives and more sophisticated security solutions.

Enhanced security protocols are paramount. Continuous monitoring for unusual activity and having immediate response mechanisms in place are also key components of a robust security strategy. Transparent communication with users throughout the recovery and investigation process is vital. Fixed Float must keep its users informed with regular updates on the steps being taken to rectify the situation and preventive measures for future security.
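One way to implement the continuous monitoring described above, as an added example that is not Fixed Float's or the author's code: a rolling-window outflow limit for a hot wallet, which reports the first transfer that pushes total outflow over the limit and how much had already left by then. The amounts and shortened transaction IDs are the five Bitcoin transfers listed in the incident analysis; their order, the timestamps, the one-hour window and the 50 BTC limit are constructed assumptions.

```python
from collections import deque
from dataclasses import dataclass
from decimal import Decimal

@dataclass(frozen=True)
class Outflow:
    ts: int            # Unix seconds (constructed for this example)
    txid: str          # shortened transaction id
    amount: Decimal    # BTC leaving the monitored wallet

class OutflowMonitor:
    """Alert when total outflow inside a sliding time window exceeds a limit."""

    def __init__(self, window_s: int, limit: Decimal):
        self.window_s = window_s
        self.limit = limit
        self._recent = deque()      # outflows still inside the window
        self._total = Decimal("0")  # running sum of self._recent

    def observe(self, tx: Outflow) -> bool:
        # Evict outflows that have aged out of the window.
        while self._recent and tx.ts - self._recent[0].ts >= self.window_s:
            self._total -= self._recent.popleft().amount
        self._recent.append(tx)
        self._total += tx.amount
        return self._total > self.limit

def first_breach(txs, window_s, limit):
    """Return (txid, BTC already sent before the breach), or None."""
    mon = OutflowMonitor(window_s, limit)
    sent = Decimal("0")
    for tx in sorted(txs, key=lambda t: t.ts):
        if mon.observe(tx):
            return tx.txid, sent
        sent += tx.amount
    return None

# Amounts from the incident analysis; timestamps and ordering are constructed.
SAMPLE = [
    Outflow(1_000, "5b77e01a", Decimal("3.1")),
    Outflow(1_300, "31538ae0", Decimal("3.1")),
    Outflow(1_600, "0fdf2946", Decimal("3.1")),
    Outflow(2_200, "15f7ac31", Decimal("200")),
    Outflow(2_500, "98226160", Decimal("200")),
]

if __name__ == "__main__":
    print(first_breach(SAMPLE, window_s=3600, limit=Decimal("50")))
```

Under these assumptions the limit trips on the first 200 BTC transfer, after 9.3 BTC has left the wallet; wiring that signal to an automatic withdrawal pause is the "immediate response mechanism" half of the control.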

Despite following rigorous security measures, the possibility of vulnerabilities being exploited persists. In these scenarios, the role of Neptune Mutual is pivotal. By establishing a dedicated cover pool with Neptune Mutual, the adverse effects of such incidents can be significantly mitigated. We specialize in providing coverage against losses due to smart contract vulnerabilities, leveraging parametric policies tailored for these specific risks.

Engaging with Neptune Mutual simplifies the recovery journey for users by removing the need for detailed loss documentation. Once an incident is confirmed and resolved using our detailed incident resolution framework, our focus shifts to quickly compensating and financially supporting affected individuals. This approach ensures rapid assistance for users hit by such security breaches.

Our marketplace extends across multiple leading blockchain platforms, such as Ethereum, Arbitrum, and the BNB chain, catering to a wide range of DeFi participants. This comprehensive network allows us to offer protective measures against various vulnerabilities, enhancing security for our diverse user base.

Reference source: Beosin
