Cyber Incident Victim: Liquid
Date: Aug 2021
Location: Japan
Summary
A major Japan-based cryptocurrency exchange suffered a security breach resulting in the theft of over $90 million from its warm wallets, prompting the suspension of crypto deposits and withdrawals while fiat transactions and trading services remained operational. The theft spanned 69 different crypto assets, including $45 million in Ethereum tokens that were actively laundered through decentralized exchanges to evade freezing. Assets in the platform's Earn program were unaffected. The exchange transferred remaining funds to cold storage and initiated an investigation into the attack vector. This incident followed a prior infrastructure breach that exposed customer data, highlighting ongoing security challenges for the platform.
Description
On August 19, 2021, Japan-based cryptocurrency exchange Liquid suspended deposits and withdrawals after discovering unauthorized access to its warm wallets. The platform, which served over 800,000 customers across 100+ countries and reported $1.1 billion in daily trade volume earlier that year, immediately moved remaining assets to cold storage for protection. Liquid confirmed approximately $91.35 million worth of cryptocurrency across 69 different assets had been stolen, with Ethereum tokens comprising nearly half the loss at $45 million. Blockchain analytics firm Elliptic observed the attackers converting stolen Ethereum-based tokens into ETH through decentralized exchanges like Uniswap and SushiSwap, a laundering technique designed to evade asset freezes. While crypto deposits and withdrawals remained suspended during the investigation, fiat transactions, trading services, and Liquid Earn products continued operating normally. The exchange initiated impact assessments but had not publicly identified the attack vector at the time of reporting.

This incident followed Liquid's November 2020 security breach involving domain hijacking through compromised GoDaddy accounts, which exposed customer emails, names, addresses, encrypted passwords, and API keys. The theft occurred one week after the record-breaking $611 million Poly Network hack, though no connection between the two events was established. Liquid's response prioritized wallet security hardening and transaction tracing while maintaining partial service availability. The FBI had issued a July 2021 warning about increasing cryptocurrency theft targeting exchanges and payment platforms, highlighting systemic risks facing the sector. Liquid's investigation remained ongoing with no public attribution of responsibility for the attack at the time of disclosure.
