How attackers stole millions of dollars from the Liquid cryptocurrency exchange without getting caught

Representatives of Liquid, a Tokyo-based cryptocurrency exchange platform, have revealed that a hacking group managed to compromise its servers and steal digital assets equivalent to about $94 million USD: “We are investigating the incident and will provide regular updates. In the meantime, all operations will be suspended,” the company posted on its Twitter profile.

Representatives of the platform say the incident took place after threat actors took control of some “warm wallets”, a term referring to cryptocurrency accounts in which exchange platforms hold a certain amount as guarantee funds.

As a security measure, Liquid is transferring the remaining funds to “cold wallets” (cryptocurrency wallets without an internet connection). Security teams on the platform are also working to drive the attackers out of their networks. Liquid is posting updates on the incident through its Twitter account, in addition to sharing the compromised cryptocurrency addresses.

In this regard, blockchain analytics firm Elliptic mentions that the prices of many of the cryptocurrencies fell sharply after news about the attack began to spread: “This includes $45 million USD in Ethereum tokens transferred to decentralized exchange platforms (DEX) such as Uniswap and SushiSwap,” the researchers mention. Apparently, this allows hackers to avoid severe devaluation of assets.

This is the second high-profile security breach detected at Liquid. In late 2020, a hacking group managed to compromise the platform’s DNS servers, gaining full control of its DNS infrastructure. The hackers behind this incident tried to impersonate company employees to collect sensitive information and access users’ funds, although the attack proved unsuccessful.

In addition to previous attacks on Liquid, this incident comes just days after the massive compromise at Poly Network that resulted in the theft of more than $600 million USD in virtual assets. Although the attackers returned a large portion of the stolen cryptocurrencies, the victims had to pay a reward so that the vulnerability exploited in this attack would not be revealed.
