Liquid, a popular Tokyo-based cryptocurrency exchange, has confirmed that hackers breached its internal servers. Reports suggest that the hackers stole crypto-assets estimated at around $94 million at today’s exchange rates.
As seen in the tweet above, Liquid has stated that it is investigating the matter and will provide regular updates on the situation. It has also suspended deposits and withdrawals for the time being. “Warm” wallets are the wallets that crypto exchanges maintain for daily transactions. Liquid has transferred all its funds to its “cold” wallet to prevent any further loss of assets.
In a follow-up tweet, Liquid provided the addresses that received the various cryptocurrencies taken by the hackers, showing that it is actively tracking the hackers' movements. The tweet lists addresses for four cryptocurrencies associated with the hackers: Bitcoin, Ethereum, Tron, and XRP.
Exact Value of assets from Liquid Breach
PreviewTech looked up the Bitcoin address from the above tweet and found that around 107.5 BTC is linked to it. This address alone points to a valuation of close to $4.8 million. The Ethereum address shows a balance of around 14,943 Ether, which at $2,988.15/ETH gives a valuation of close to $45 million at the time of writing.
According to Elliptic, a blockchain analysis firm, the accounts identified as belonging to the hackers have received just over $97 million in crypto assets. This includes $45 million in Ethereum tokens, which are currently being converted to Ether using decentralized exchanges such as SushiSwap and Uniswap. The hackers are doing this to prevent their Ethereum tokens from being frozen.
As seen in the second image above, most of the addresses identified as belonging to the hackers have been marked to indicate that they hold funds obtained in the Liquid breach. Liquid has also been releasing regular updates about the situation through its Twitter handle.
Elliptic has also said that it has added the addresses associated with the hackers to its system and will alert its clients if any funds related to the breach come their way.
“Elliptic has added the addresses associated to the thief to our system, ensuring that our clients will be alerted if they receive any of these funds. Our investigators are also aiding Liquid with tracking the stolen funds.” (via a blog post released by Elliptic today)
Other popular crypto exchanges such as KuCoin have shown their support for Liquid by promptly blacklisting all the known addresses of the hackers responsible for the breach.
Not the first time
The Liquid breach that took place earlier today is not the first time the Japanese crypto exchange has faced a major security breach. On November 13th, 2020, an unknown threat actor gained access to Liquid’s DNS (Domain Name System) infrastructure. The malicious actor used social engineering to manipulate Liquid’s DNS provider, GoDaddy, into transferring control of the account and domain.
After gaining control of Liquid’s DNS infrastructure, the actor was able to change DNS records, which led to the actor taking control of many internal email accounts. In its statement about the November 2020 breach, Liquid also mentions that the actor gained access to document storage.
“We believe the malicious actor was able to obtain personal information from our user database. This may include data such as your email, name, address and encrypted password.” (via the Liquid statement about the November 2020 breach)
As for today’s breach, Liquid has released a “Warm wallet incident report”, which gives an in-depth look into what transpired on their servers earlier today. They have also warned their users against depositing any crypto assets to their personal Liquid wallets until further notice.
The report states that 69 different cryptocurrencies have been “misappropriated” and sent to other exchanges and DeFi swapping venues. It also mentions that $16.13 million worth of Ethereum tokens taken in the breach have been frozen and disabled for on-chain movement.