Board Bitcoin Discussion
Merits 7 from 3 users
Re: The stupid 307 BTC hacker (Exmo exchange)
by
RickDeckard
on 25/07/2021, 16:17:17 UTC
⭐ Merited by The Pharmacist (5), Fesatmas (1), buwaytress (1)
I still don't understand if this is just a rant about how the hacker stole BTC from Exmo's clients, or a rant about the "stupidity" of the hacker that at the 207 transaction managed to trick himself into ruining his previous work - either way I would just like to say that you can't assume people know about all the hacks that are made against exchanges (let alone smaller ones). I was able to find some information while googling this "hack", and according to Exmo themselves [1] here's the main address:
Quote
We have detected that some amounts of BTC, XRP, ZEC, USDT, ETC and ETH have been withdrawn to the hackers’ private addresses on December 21st, 2020 between 00:00 – 10:00 AM, UTC. Currently, almost the entire amount of stolen BTC is stored on the following BTC wallet: 1A4PXZE5j8v7UuapYckq6fSegmY5i8uUyq
Albeit a "dent" in anyone's life, it seems that the attack "only" represents about 6% of the company's total assets [1]:
Quote
Compromised due to the hack amount makes up around 6% of the company’s total assets. We don’t believe it could somehow affect a going concern basis for EXMO. The company’s policy is to store around 5-10% of all its assets on hot wallets to enable fast withdrawals for users and limit potential losses from the hacks. At the moment of the hack, there was approximately 5-10% of BTC on a withdrawal wallet according to the internal rules.
I went by their website to see if they already had some more recent news regarding the incident but sadly the latest one (regarding this subject) was from 23-12-2020 [2]:
Quote
Our investigation is ongoing, and we are taking all necessary and precautionary measures to prevent such incidents from reoccurring.
For anyone curious, here's the address on Blockchair: https://blockchair.com/bitcoin/address/1A4PXZE5j8v7UuapYckq6fSegmY5i8uUyq

The balance was drained to 0, and he's got quite a lot of transactions recorded, mostly limited to 1 address which I assume was then sent to another one (probably some mixer I assume).


[1] https://info.exmo.com/en/notifications/security-incident-report/
[2] https://info.exmo.com/en/notifications/security-update-further-steps/