Cyber Incident Victim: Exmo

Date: Feb 2021

Location: United Kingdom

Summary

A British cryptocurrency exchange experienced a temporary outage due to a distributed denial-of-service (DDoS) attack targeting its platform, rendering servers and critical infrastructure including the website, APIs, and exchange charts unavailable. The attack, described as massive with a peak intensity of 30GB per second, was successfully mitigated after several hours, with additional protective measures implemented to prevent recurrence. This incident followed a prior security breach where attackers compromised the platform's hot wallets, leading to unauthorized withdrawals of approximately 5% of total assets; user losses from that compromise were fully covered, and the exchange was developing a new wallet infrastructure while suspending withdrawals during remediation.

Description

On February 15, 2021, British cryptocurrency exchange EXMO experienced a distributed denial-of-service (DDoS) attack that temporarily forced its servers offline. The company publicly acknowledged the attack through a platform notification and an official Twitter statement, confirming the unavailability of its website and services. EXMO’s technical team immediately worked to address the disruption, though no interim updates were provided during the outage. The attack, described as massive with a peak traffic volume of 30GB per second, impacted the exchange’s entire infrastructure, including its website, application programming interface (API), WebSocket API, and trading charts. This caused a multi-hour service interruption before EXMO successfully mitigated the attack and restored operations. By February 17, the exchange confirmed it had resumed regular operations and implemented additional defensive measures to prevent similar incidents. EXMO had previously been registered with the UK Financial Conduct Authority on a temporary basis until July 2021, following an application submitted in April 2020.

This incident followed a separate security breach disclosed by EXMO in December 2020, when attackers compromised the exchange’s hot wallets—internet-connected systems used for processing transactions—and withdrew approximately 5% of its total assets. In response to that breach, EXMO suspended all withdrawal functionality and committed to fully reimbursing affected users. The exchange initiated an overhaul of its hot wallet infrastructure, requiring the deployment of separate servers for each blockchain, a process expected to take significant time. Users were instructed to generate new wallet addresses once deposits and withdrawals resumed. EXMO emphasized ongoing investigations and precautionary measures to prevent recurrence of both the wallet compromise and the subsequent DDoS attack, though no technical linkage between the two incidents was disclosed in the available information. The exchange’s public communications framed these events as challenges inherent to operating a major European cryptocurrency platform.
