The Japanese crypto exchange has since then suspended all account activities including deposits and withdrawals.
Latest Liquid Hack Stole Millions Worth Of Crypto
On August 19, the Japanese crypto exchange Liquid Global revealed on Twitter that their platform has been breached, accompanied by the siphoning off of $74 million in digital assets. Liquid also specified the four wallet addresses that received the stolen funds in Bitcoin, Ethereum, Tron, and XRP. The team also clarified that while the hot wallets were targeted, the cold storage is safe. The team moved all assets to the cold storage following the breach, thus temporarily suspending any depositing and withdrawal activities. The exchange also clarified that investigations are underway, and it will notify the public of any updates.
Unconfirmed Reports Doing The Rounds
According to CoinTelegraph, more than 107 BTC, 9,000,000 TRX, 11,000,000 XRP, and almost $60 million worth of ETH and ERC-20 tokens appear to have been taken by the hackers, of which they are still in possession of around $74 million. However, the Liquid team is yet to confirm this claim.
Liquid’s announcement on Twitter made KuCoin exchange jump into action promptly, by blacklisting the addresses identified by the former.
KuCoin CEO Jonny Lyu tweeted,
“We are aware of the LiquidGlobal security incident, and the hacker’s addresses have been added to the blacklist of KuCoin. Hope everything is OK.”
Further unconfirmed reports suggested that the Ethereum compromised in the hack belonged to crypto yield provider Celsius Network, which had integrated with Liquid back in April.
Previous Liquid Hack Targeted Employee Info
This is not the first time that Liquid Global has fallen to a hack. Back in November 2020, the crypto exchange was targeted by a hacker who gained access to the company’s domain records and took control over employee email accounts, thus compromising the company network.
It is believed that the hacker was able to target the company’s network infrastructure by exploiting weak or reused passwords used to register the company’s domain name and then gaining control to email accounts and systems.
On that occasion, Liquid CEO, Mike Kayamori disclosed the details of the attack, which happened on November 13, 2020, via a blog post,
“We believe the malicious actor was able to obtain personal information from our user database. This may include data such as your email, name, address, and encrypted password.