Cyber Incident Victim: Exmo
Date: Dec 2020
Location: United Kingdom
Summary
A cryptocurrency exchange experienced a security breach resulting in the loss of approximately 5% of its total assets from compromised hot wallets. The incident involved unauthorized withdrawals of multiple cryptocurrencies, prompting the immediate suspension of all withdrawals and redeployment of affected wallets while confirming cold wallet assets remained secure. The company initiated an investigation with law enforcement, assured full reimbursement for impacted users, and advised against depositing funds to existing addresses during the suspension. A comprehensive security review of systems was underway to determine the cause of the breach.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On December 21, 2020, at 2:27:02 UTC, EXMO cryptocurrency exchange detected suspicious large withdrawals from its hot wallets, prompting immediate action to suspend all withdrawal activities. The British-based exchange confirmed that attackers had compromised several hot wallets—internet-connected storage systems used for processing transactions—resulting in unauthorized transfers of Bitcoin (BTC), XRP, Zcash (ZEC), Tether (USDT), Ethereum Classic (ETC), and Ethereum (ETH). EXMO’s security audit revealed the stolen assets represented approximately 5% of the exchange’s total holdings, though the exact monetary value was not disclosed. The exchange emphasized that offline cold wallets, which store the majority of assets, remained secure and unaffected. Within hours of detection, EXMO redeployed its hot wallets to prevent further unauthorized access and publicly assured users via Twitter and its website that all losses incurred by affected customers would be fully covered by the company.

The attackers transferred stolen funds to specific blockchain addresses across multiple cryptocurrencies, including BTC address 1A4PXZE5j8v7UuapYckq6fSegmY5i8uUyq and ETH/USDT address 0x4BA6B2fF35055aF5406923406442cD3aB29F50Ce, among others documented by EXMO. The exchange reported the incident to the London police’s Cybercrime unit and initiated a collaborative investigation while conducting a comprehensive security review of all systems to identify the breach’s root cause. EXMO advised users not to deposit funds into existing wallets during the investigation and maintained withdrawal suspensions as a containment measure. At the time of the incident, EXMO had 27,795 active traders and a 24-hour trading volume of 2,273 BTC (approximately $52 million). The exchange’s temporary registration with the UK Financial Conduct Authority, granted earlier in December 2020, remained active until July 2021, though no regulatory implications from the hack were disclosed in the available information.
