Cryptocurrency exchange EXMO has been hit by a “massive” DDoS attack, the UK-based firm has confirmed.
The exchange noted that it suffered a distributed denial-of-service (DDoS) assault yesterday (February 15), when its website was unavailable for a couple of hours.
EXMO added that it faced an unusual amount of traffic at 16.10 GMT, with the number of connections temporarily disrupting its activity.
A spokesperson for EXMO told The Daily Swig that while previous DDoS attacks had affected only the website, this “massive attack” – which drove 30 GB of traffic per second – affected “the whole network infrastructure, including the website, API, Websocket API, and exchange charts”.
The spokesperson said: “So, it’s quite natural for any exchange to be down under these circumstances. The attack was repelled with the help of DDoS protection Qurator. We are now also taking additional security measures.
“EXMO resumed its work yesterday. So basically, we were down just for a couple of hours.
“Unfortunately, with a splash in market activity, which undoubtedly drives a positive change, many negative phenomena are back as well. DDoS, which we’ve faced, is just one of them.”
Normal service has now resumed, said the exchange, though the webpage does state it is undergoing maintenance. The cryptocurrency exchange is seeking to determine the culprit behind the incident.
This news follows another security incident on December 21, 2020, in which attackers stole around $4 million in cryptocurrency from EXMO.
Malicious hackers took about 6% of the exchange’s assets. The funds were withdrawn through the Poloniex exchange, and so they cannot be returned.
EXMO temporarily suspended withdrawals and deposits, it said in a security update.
The company also said it had reported the incident to UK police and the National Cyber Security Centre (NCSC).
EXMO said after the breach: “We have completely separate server infrastructure for cryptocurrency wallets and all other platform data (production servers). The hack didn’t affect the production server. All information about transactions and clients also remained out of reach for the hackers.
“At this moment, we did checks for all the logs on compromised cryptocurrency servers. As a result, we assume that the hacker got the private keys. And now we are trying to find how it happened.”
EXMO added: “We are working with cybersecurity teams around the world to sort everything out and continue operating in a safe environment.”