Liquid Global Crypto Exchange Hacked, $90 million stolen

On August 19, over $90 million, worth of assets, had been removed from the Liquid Global crypto exchange. Kucoin has responded by blacklisting the addresses that received the stolen funds.

The Hack and Response

Japanese crypto exchange Liquid has been hacked. About $90 million in digital assets siphoned off the platform during the exploit.

The exchange confirmed the exploit in a tweet. It also revealed the wallet addresses of the perpetrator(s). The exchange observed that only its warm wallets were affected and added that its assets were moving into cold storage.

The following assets had been transferred to hacker's following addresses (Further investigation to come):
BTC: 1Fx1bhbCwp5LU2gHxfRNiSHi1QSHwZLf7q
ETH/EWT: 0x5578840aae68682a9779623fa9e8714802b59946
TRX: TSpcue3bDfZNTP1CutrRrDxRPeEvWhuXbp
XRP: rfapBqj7rUkGju7oHTwBwhEyXgwkEM4yby

— Liquid Global Official (@Liquid_Global) August 19, 2021

Liquid Global is right now working with other exchanges in a bid to freeze and recover the stolen assets.

Its appeal met a positive response from KuCoin. KuCoin quickly responded to the hack and blacklisted the addresses involved in the attack, according to a tweet from the exchange’s CEO, Johnny Lyu.

Currently, withdrawals and deposits are suspended on the platform owing to the repair works and protection of the remaining funds.

Lost Funds

The attacker removed BTC, ETH, TRX, XRP, and other assets from the platform.

Liquid Global released in a blog post that “69 different crypto assets were misappropriated and sent to other exchanges or DeFi swapping venues.”

Elliptic, a blockchain analytics company, reported that the hacker was able to siphon off BTC worth $4.7, ETH worth $32 million, XRP worth $12.9 million, and other tokens. The total amounts to $97 million.

The Elliptic team also added that the $45 million in Ethereum tokens are being converted into Ether using Decentralized Exchanges (DEXs) such as Uniswap and SushiSwap. This enables the hacker to avoid having these assets frozen – as is possible with many Ethereum tokens.

This is the third such attack this month on DeFi projects.

Earlier in the month, PolyNetwork was attacked and robbed of more than $600 million. But the attacker returned most of the money in what was touted to be the biggest DeFi hack yet.

Just a few days later, DAO Maker’s Strong Holder Offering (SHO) contract was exploited and lost $7 million.

DeFi’s large-scale adoption is pouring a lot of money into it. Now the stakes are way higher than before. The bounty for hackers has also increased. On the other hand, developers have an even more lucrative incentive to write more robust code as their products can earn them way more.