Cyber Incident Victim: Exmo
Date: Dec 2017
Location: United Kingdom
Summary
A UK-based cryptocurrency exchange experienced a distributed denial-of-service (DDoS) attack causing temporary website disruption, occurring shortly after the kidnapping of one of its lead blockchain analysts. The analyst was abducted by masked individuals but was later found unharmed, though in a state of significant stress; the firm clarified his role did not involve access to user funds. While both incidents were under investigation, no confirmed link between the cyberattack and the kidnapping was established, with no disclosed ransom demands related to either event. The platform resumed normal operations following mitigation of the DDoS attack.
Description
On December 28, 2017, the UK-based cryptocurrency exchange Exmo experienced a distributed denial-of-service (DDoS) attack that temporarily disrupted its website operations. The company publicly acknowledged the incident through a Twitter statement confirming the attack and estimating service restoration within 30 minutes, while apologizing for the inconvenience. The attack caused a partial shutdown of Exmo's platform, though the exact duration of the outage and technical specifics of the assault remained undisclosed by the company. At the time of reporting, Exmo's website had resumed normal operations, indicating successful mitigation of the attack. The exchange did not identify the perpetrators or disclose whether any ransom demands were made in connection with the cyberattack. Exmo maintained offices across multiple jurisdictions including Spain, Russia, India, and Singapore, though the attack specifically targeted its UK operations based in Polegate, Sussex.

This incident occurred two days after the December 26 kidnapping of Pavel Lerner, Exmo's lead blockchain analyst, who was abducted by masked assailants outside his Kiev office. The exchange issued an official statement confirming Lerner's safe recovery on December 29, noting he sustained no physical injuries but experienced significant psychological stress. Exmo emphasized that Lerner's responsibilities did not include access to user financial assets and stated normal business operations continued uninterrupted throughout both events. Ukrainian authorities launched an investigation into the kidnapping, while Exmo did not confirm whether the DDoS attack and kidnapping were related incidents. The company provided no additional details regarding the origin or motivation behind the cyberattack, nor did it disclose any communication from threat actors involved in either event. IBTimes UK documented that Exmo had not offered further public clarification about the attack's root cause at the time of publication.
