Bilaxy exchange suspends website after ERC-20 hot wallet hack
Bilaxy, a lesser-known cryptocurrency exchange, has confirmed a major hacking incident, reporting losses of funds due to an exploit of the platform’s ERC-20 hot wallet.
Bilaxy announced on its Telegram channel that the crypto exchange suffered a “serious hack” on Aug. 28 between 6 p.m. and 7 p.m. UTC, resulting in the transfer of 295 different ERC-20 tokens.
According to the exchange, the affected tokens were transferred by the hacker to a single address. At the time of writing, the tokens are valued at $170,600, with the most recent transaction sending out 50 Ether (ETH), or about $159,000, on Aug. 30.
Shortly after detecting abnormal hot wallet transactions, Bilaxy suspended its website to take emergency measures and move “hundreds of tokens” from its hot wallet to cold wallets in order to secure the assets.
In a separate Telegram update, Bilaxy asked its customers to stop deposits to the platform. Bilaxy’s website does not provide any further information other than a temporary system maintenance notice and a link to the platform’s Telegram channel.
Bilaxy has not announced the dollar value of assets stolen by the hacker. Some unconfirmed reports speculated that the exchange could have lost up to $450 million.
According to an update from decentralized finance protocol Hoge Finance, the attack involved a hack and transfer of nearly 300 cryptocurrencies including Tether (USDT), USD Coin (USDC), Uniswap (UNI), and others. Hoge Finance said that nearly all 1 billion HOGE tokens ($22 million) stored on Bilaxy were already drained from the exchange and sent to another wallet.
Related: Beleaguered DeFi project xToken suffers second major exploit since May
Bilaxy did not immediately respond to Cointelegraph’s request for comment. The exchange told customers that it will collaborate with security institutions and law enforcement to provide security audits and launch an investigation.
According to data from crypto tracking website CoinMarketCap, Bilaxy was launched in 2018 and is registered in the Republic of Seychelles. At the time of writing, the exchange’s Twitter account has over 25,000 followers.
The news comes as the Liquid exchange gradually recovers from a nearly $100 million hack that took place in mid-August. On Aug. 29, Liquid resumed deposits and withdrawals for several cryptocurrencies including ERC-20 and Stellar-based USDC, Dai (DAI) and GYEN.
Source: Read Full Article