{"id":33726,"date":"2020-12-21T14:46:05","date_gmt":"2020-12-21T12:46:05","guid":{"rendered":"https:\/\/forklog.com\/en\/?p=33726"},"modified":"2025-08-28T15:19:21","modified_gmt":"2025-08-28T12:19:21","slug":"exmo-exchange-hacked","status":"publish","type":"post","link":"https:\/\/forklog.com\/en\/exmo-exchange-hacked\/","title":{"rendered":"EXMO Exchange Hacked"},"content":{"rendered":"<p>On December 21, the cryptocurrency exchange EXMO suspended withdrawals after the theft of about 5% of its total assets.<!--more--><\/p>\n<blockquote class=\"twitter-tweet\">\n<p dir=\"ltr\" lang=\"en\">Attention!<br \/>\nWe detected suspicious withdrawal activity. All withdrawals are temporarily suspended. We\u2019re investigating the issue and taking measures to protect your funds.<br \/>\nIf any user fund is affected by this incident, it\u2019ll be covered completely by EXMO.<a href=\"https:\/\/t.co\/QCtOGRFE65\">https:\/\/t.co\/QCtOGRFE65<\/a><\/p>\n<p>\u2014 EXMO (@Exmo_Com) <a href=\"https:\/\/twitter.com\/Exmo_Com\/status\/1340968871830966272?ref_src=twsrc%5Etfw\">December 21, 2020<\/a><\/p>\n<\/blockquote>\n<p><script async=\"\" src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>From 2:27 UTC, the exchange&#8217;s security team recorded several unauthorized withdrawals from hot wallets BTC, XRP, ZEC, USDT, ETC, and ETH.<\/p>\n<blockquote>\n<p>\u201cWe responded immediately and moved the remaining funds from the compromised wallets,\u201d EXMO said.<\/p>\n<\/blockquote>\n<p>Representatives of the exchange have already filed a police report with London authorities and distributed transaction details to analytics systems, including CipherTrace. A list of addresses to which the stolen cryptocurrencies have been sent has also been published:<\/p>\n<ul>\n<li>BTC \u2013 1A4PXZE5j8v7UuapYckq6fSegmY5i8uUyq;<\/li>\n<li>ETH \u2013 0x4BA6B2fF35055aF5406923406442cD3aB29F50Ce;<\/li>\n<li>ETC \u2013 0x4d9EF6846126Da2867AF503448be0508542C971e;<\/li>\n<li>XRP \u2013 rwU8rAiE2eyEPz3sikfbHuqCuiAtdXqa2v;<\/li>\n<li>ZEC \u2013 t1StUQiw1YyHT515xDxwxjfhEcw2iGSq2yL;<\/li>\n<li>USDT (ERC20) \u2013 0xa910f92acdaf488fa6ef02174fb86208ad7722ba.<\/li>\n<\/ul>\n<p>According to EXMO representatives, assets in cold storage are secure.<\/p>\n<p>All withdrawals are currently suspended. Users are asked not to deposit to the EXMO custodial wallets.<\/p>\n<p><strong>Update:<\/strong> <span class=\"JLqJ4b ChMk0b\" data-language-for-alternatives=\"ru\" data-language-to-translate-into=\"auto\" data-phrase-index=\"0\">Preliminary estimates put EXMO&#8217;s losses at <a href=\"https:\/\/www.theblockcrypto.com\/post\/88692\/crypto-exchange-exmo-hacked\" target=\"_blank\" rel=\"noopener noreferrer\">$10.5 million<\/a>.<\/span><\/p>\n<p><span class=\"JLqJ4b ChMk0b\" data-language-for-alternatives=\"ru\" data-language-to-translate-into=\"auto\" data-phrase-index=\"0\">Hackers stole:<\/span><\/p>\n<ul>\n<li><span class=\"JLqJ4b ChMk0b\" data-language-for-alternatives=\"ru\" data-language-to-translate-into=\"auto\" data-phrase-index=\"5\"> 292 BTC (around $6.5 million), another 18.5 BTC ($415,000) awaiting confirmation in the mempool;<\/span><\/li>\n<li><span class=\"JLqJ4b ChMk0b\" data-language-for-alternatives=\"ru\" data-language-to-translate-into=\"auto\" data-phrase-index=\"6\">867 ETH (around $521,900);<\/span><\/li>\n<li><span class=\"JLqJ4b ChMk0b\" data-language-for-alternatives=\"ru\" data-language-to-translate-into=\"auto\" data-phrase-index=\"6\"> 476,521 XRP (around $247,700);<\/span><\/li>\n<li><span class=\"JLqJ4b ChMk0b\" data-language-for-alternatives=\"ru\" data-language-to-translate-into=\"auto\" data-phrase-index=\"6\">20,651 ETC ($126,800);<\/span><\/li>\n<li><span class=\"JLqJ4b ChMk0b\" data-language-for-alternatives=\"ru\" data-language-to-translate-into=\"auto\" data-phrase-index=\"6\">50,000 USDT ($50,000);<\/span><\/li>\n<li><span class=\"JLqJ4b ChMk0b\" data-language-for-alternatives=\"ru\" data-language-to-translate-into=\"auto\" data-phrase-index=\"6\">39,285 ZEC ($2.7 million). <\/span><\/li>\n<\/ul>\n<p><span class=\"JLqJ4b ChMk0b\" data-language-for-alternatives=\"ru\" data-language-to-translate-into=\"auto\" data-phrase-index=\"6\">Most of the funds have been sent to the Poloniex exchange. <\/span><\/p>\n<p>Earlier in December, an unknown attacker withdrew from the Nexus Mutual founder Hugh Karp <a href=\"https:\/\/forklog.com\/en\/news\/hacker-drains-founders-personal-address-of-defi-protocol-for-8-million\">more than $8 million in native NXM tokens<\/a>.<\/p>\n<p>Follow ForkLog on Telegram: <a href=\"https:\/\/t.me\/forklogfeed\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">ForkLog Feed<\/a> \u2014 the full news feed, <a href=\"https:\/\/telegram.me\/forklog\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">ForkLog<\/a> \u2014 the most important news and polls.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>On December 21, the cryptocurrency exchange EXMO suspended withdrawals after the theft of about 5% of total assets.<\/p>\n","protected":false},"author":1,"featured_media":33727,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"select":"1","news_style_id":"1","cryptorium_level":"","_short_excerpt_text":"","creation_source":"","_metatest_mainpost_news_update":false,"footnotes":""},"categories":[3],"tags":[1154,497],"class_list":["post-33726","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news-and-analysis","tag-crimes","tag-exmo"],"aioseo_notices":[],"amp_enabled":true,"views":"26","promo_type":"1","layout_type":"1","short_excerpt":"","is_update":"","_links":{"self":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/33726","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/comments?post=33726"}],"version-history":[{"count":1,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/33726\/revisions"}],"predecessor-version":[{"id":33728,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/33726\/revisions\/33728"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/media\/33727"}],"wp:attachment":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/media?parent=33726"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/categories?post=33726"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/tags?post=33726"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}