Liquid Crypto Exchange Suffers $97 Million Loss in Hack

Following a hacker raid on its systems, Japanese cryptocurrency exchange Liquid lost $97 million in crypto assets.

In a tweet, the firm said that its hot wallets were compromised, and it is moving assets into cold wallets. "We are currently investigating and will provide regular updates. In the meantime, deposits and withdrawals will be suspended,” the firm said.

It added in a follow-up tweet that it had found four blockchain addresses, in Bitcoin, Ethereum, Tron, and XRP, associated with the hacker.

According to Elliptic's analysis, the thief’s accounts have received just over $97 million in crypto assets. The amount includes $45 million in Ethereum tokens, which the hacker is converting to Ether using decentralized exchanges (DEXs), such as Uniswap and SushiSwap. 

“This enables the hacker to avoid having these assets frozen - as is possible with many Ethereum tokens,” the firm said.

James McQuiggan, security awareness advocate at KnowBe4, told ITPro that criminals continue to target systems and networks where the money is stored. If it is digital, it can be hacked. 

“Unfortunately, with another cryptocurrency exchange successfully attacked for the second time this week, this can only be a sign of things on the horizon for these exchange companies,” he said.

“Users of cryptocurrency want to ensure not to put all of their funds into one type of currency and, for more significant amounts, keep them in an offline or cold wallet to prevent theft via the exchanges. While this might seem like keeping your cash funds in the mattress at home instead of the bank, there are currently no Federal Deposit Insurance agencies to protect against your crypto funds and the exchange organizations."

Antti Tuomi, principal security consultant at F-Secure, told ITPro that from an attacker's point of view, cryptocurrency exchanges are a very appealing target since a successful breach net them a lot of capital from the users. Plus, compared to normal currency and banks, mechanisms for preventing fraud or tracing or stopping crypto transactions are either not in place or not possible to implement at the same level.

“Regardless of the exchange in question, online wallets will always be at a risk; at the same time, switching to true cold wallets that are not connected to the online system other than when authorized by the wallet owner, is very difficult to achieve with an online service without compromising on the "always-online" principle while relying on technology alone. Regardless of the cryptocurrency in question or the exchange or its geographical location, the risk with online systems and always-online wallets will always be present,” Tuomi said.