Incident Comes Just Days After Theft From Poly Network
A hacker stole $97 million in cryptoassets from the Japan-based cryptocurrency exchange Liquid, which announced the breach via Twitter late Wednesday and halted deposits and withdrawals.
The attack comes just days after a hacker stole $612 million from the crypto platform Poly Network, which has since steadily recovered most of the funds (see: Poly Network Hacker Reportedly Returns Most of Stolen Funds).
Liquid, one of the world’s largest cryptocurrency-fiat exchange platforms, said on Twitter on Thursday that it was tracking the movement of the stolen assets and working with other exchanges to freeze and recover funds.
“We are sorry to announce that #LiquidGlobal warm wallets were compromised, we are moving assets into the cold wallet [or, offline],” the crypto exchange tweeted. “We are currently investigating and will provide regular updates. In the meantime, deposits and withdrawals will be suspended.”
Liquid said the hacker transferred funds to the following addresses, among others:
- Bitcoin: 1Fx1bhbCwp5LU2gHxfRNiSHi1QSHwZLf7q;
- Ethereum/Energy Web Token: 0x5578840aae68682a9779623fa9e8714802b59946;
- TRON: TSpcue3bDfZNTP1CutrRrDxRPeEvWhuXbp;
- Ripple: rfapBqj7rUkGju7oHTwBwhEyXgwkEM4yby.
In a follow-up blog post, Liquid says it first detected the unauthorized access early Thursday, local time, and confirmed crypto assets had been moved out of Liquid wallets. It notes that $16 million worth of Ethereum assets had been frozen “due to the assistance of the crypto community and other exchanges.”
The company says it is still assessing the technical components of the attack. “During this difficult period, we greatly appreciate the support from our customers, other exchanges, security experts, and the broader crypto community,” it says. “Liquid will continue to do everything in its power to mitigate the impact from this incident and restore full service as soon as possible.”
MPC Wallet Targeted
Blockchain analytics firm Elliptic, which is aiding Liquid in tracking the stolen funds, determined the siphoned tokens were worth nearly $100 million and says $45 million in Ethereum assets were converted into Ether using decentralized exchanges – such as Uniswap and SushiSwap – to avoid having assets frozen.
In a separate Liquid blog post, the exchange said the attack targeted a multiparty computation wallet, a cryptographic scheme in which the private keys that control funds are generated jointly by multiple parties, none of which can see the key fragments calculated by the others.
“The MPC wallet (used for warehousing/delivery management of cryptographic assets) used by our Singapore subsidiary QUOINE PTE was damaged by hacking. … The cold wallet used for segregation management is safe,” the company writes. Liquid’s blog did not provide technical details.
The company could not immediately be reached for additional information on the incident.
Johnny Lyu, CEO of the crypto exchange KuCoin, acknowledged the breach in a tweet late Wednesday, saying, “We are aware of the #LiquidGlobal security incident, and the hacker’s addresses have been added to the blacklist of #KuCoin. Hope everything is OK.”
Update on Poly Network Theft
This week’s attack on Liquid follows a separate incident affecting cross-chain protocol Poly Network, which involved the theft of $612 million in cryptocurrency by a hacker it subsequently dubbed “Mr. White Hat” (see: Poly Network Says $600 Million in Cryptocurrency Stolen).
In the wake of the attack, Poly Network called for the assistance of other crypto exchanges. Some $33 million worth of the stablecoin Tether was frozen following the incident, and within a day, the hacker began communication with the platform and indicated a desire to return the funds.
Cryptocurrency and cybersecurity experts have suggested that the return may not have been as noble as it appears, saying the attacker likely had trouble laundering the assets.
By late last week, all but $238 million of the funds had been returned to the company, which continued pleading with the hacker for a private key to unlock the final multisignature wallet that held the remaining funds. Poly Network then offered “Mr. White Hat” a “bug bounty” of $500,000 in return for apparently exposing critical security weaknesses, but the hacker refused the bounty in a message embedded in an Ethereum transaction.
As Poly Network then continued to urge the hacker to return all funds, it offered him a position within the company as “chief security adviser.”
As of Thursday, the crypto thief had returned approximately $427 million, or more than two-thirds of the stolen assets, Poly Network tells Information Security Media Group.
“There is still a long way to go before full control of the assets returns to the users,” Poly Network says in a statement.
The platform confirms that despite not receiving a “positive response,” it paid the $500,000 “bounty” to the cybercriminal. “Hopefully these funds can be used in the future to inspire more security experts to contribute to blockchain security,” it says.
Sign of Things to Come?
James McQuiggan, education director for the Florida Cyber Alliance and security awareness advocate for the security firm KnowBe4, warns that similar breaches are inevitable. “Unfortunately, with another cryptocurrency exchange successfully attacked, this can only be a sign of things on the horizon for these exchanges,” he says.
Karl Steinkamp, director of payment card industry offerings for the security firm Coalfire, says the Liquid crypto exchange breach “is an unfortunate setback for the company. It is yet unknown if the attacker(s) plan on returning the funds. The network also had a non-crypto asset data breach less than a year ago … [which] speaks to the broader narrative that innovation companies need to continue to build more security by default into their products.
“Companies are rapidly waking up to the reality that they must balance speed with security or risk not being in business. Regulation and requiring compliance of crypto asset exchanges and third parties that operate within the crypto universe is likely to be part of the solution. … [However, these efforts] need to be carefully thought out … to not stifle innovation.”