Nov 2022 - Deribit Hot Wallet Breached - $28m (Global)
"Cryptocurrency options and futures exchange Deribit has been hacked, with $28 million being drained from its hot wallet."
"Deribit hot wallet compromised, but client funds are safe and loss is covered by company reserves
Our hot wallet was hacked for USD 28m earlier this evening just before midnight UTC on 1 November 2022."
"Client assets, Fireblocks or any of the cold storage addresses are not affected. It's company procedure to keep 99% of our user funds in cold storage to limit the impact of these type of events.
The hack is isolated & quarantined to our BTC, ETH and USDC hot wallets."
"We are performing ongoing security checks and have to halt withdrawals including third-party custodians Copper Clearloop and Cobo until we are confident all is safe to re-open."
"Deposits already sent will still be processed and after the required number of confirmations, they will be credited to accounts."
"We have raised the minimum number of confirmations for the moment causing a delay in crediting funds. Until we open wallets again we request you not to send new deposits."
"The insurance fund will not be impacted, the loss will be paid by company reserves. Deribit remains in a financially sound position and ongoing operations will not be impacted."
"During an appearance on CoinDesk TV on Wednesday, Deribit's chief commercial officer, Luuk Strijers, said client assets have not been affected but withdrawals have been temporarily halted as the exchange makes security checks."
""Hackers have gained access to our wallet server, which enabled them to initiate withdrawals from our hot wallet," Strijers said. "We keep 99% of our assets in cold storage and only 1% in hot wallets. The hacker gained access to these hot wallets."
"Strijers also revealed that the entirety of the loss will be covered by Deribit's balance sheet assets, which are separate from the company's $40 million insurance fund."
Further Analysis
Cryptocurrency options and futures exchange Deribit experienced a hack in which $28 million was stolen from its hot wallet. The incident occurred just before midnight UTC on November 1, 2022. Fortunately, client assets and cold storage addresses, including those of third-party custodians, remain unaffected by the hack. Deribit follows a protocol of keeping 99% of user funds in cold storage to minimize the impact of such events. To ensure security, Deribit has temporarily halted withdrawals, including those of third-party custodians, while they conduct ongoing security checks.
How Could This Have Been Prevented?
More Cryptocurrency Exchange Hacks/Scams/Frauds
FTX Exchange Collapse and Bankruptcy > > < < Fries Fund DAO Profanity Address Exploit
Sources/Further Reading
Crypto Exchange Deribit Loses $28M in Hot Wallet Hack, Pauses Withdrawals (Dec 31)
Deribit Hacker Has Started Moving the Stolen $28M to Tornado Cash (Dec 31)
Deribit hackers move stolen Ether to Tornado Cash crypto mixer (Dec 31)
@DeribitExchange Twitter (Dec 31)
Deribit Hotwallet Exploiter | Address 0xb0606f433496bf66338b8ad6b6d51fc4d84a44cd | Etherscan
(Dec 31)
Ethereum Transaction Hash (Txhash) Details | Etherscan
(Dec 31)
 t.me/QuadrigaInitiative
|
 /r/QuadrigaInitiative
|
 @QuadrigaInit
|
 info@quadrigainitiative.com
|