Posted on February 16, 2021 at 4:29 PM
Cryptocurrency exchange EXMO has been the victim of a huge DDoS attack that knocked its website offline. The U.K.-based exchange revealed that its website was unavailable for two hours yesterday as a result of the attack.
According to the report, EXMO had an unusually large amount of traffic around 4:10 PM GMT, as its activity was disrupted by a large number of connections.
EXMO has a huge market in Kazakhstan, Ukraine, and Russia. The exchange said the motive of the attacker was to overload the exchange’s servers with irrelevant requests, causing the server to slow down or halt completely.
“Please note the EXMO exchange website is now under the DDoS attack. The servers are temporarily unavailable,” the statement reads.
Second attack within two months
This is the second time EXMO has experienced an outage within the space of two months. There was another attack on December 24, when the threat actors took 5 percent of the exchange’s assets through its “hot” wallets.
After the incident, EXMO reported that the threat actors succeeded in stealing about $4 million worth of customer cryptocurrencies.
EXMO also states that the previous attack only affected the exchange’s website. However, the present attack was massive and encompassed both the website and the company’s network infrastructure. The attack affected the exchange charts and the WebSocket API.
A spokesperson for the exchange commented on the attack, saying this was the largest DDoS attack the exchange has recorded, as it drove almost 30 GB of data per second.
“So, it’s quite natural for any exchange to be down under these circumstances,” the spokesperson added.
However, he said the attack was stopped using the DDoS protection service Qrator. The exchange is also working on measures to further fortify its servers and systems.
Normal service has resumed
EXMO stated that normal service has resumed, but the webpage is still under maintenance. It also added that investigation into the attack is ongoing and further details will be revealed as it gets more information.
Presently, it’s not certain who is responsible for both DDoS attacks or whether they are connected to the same threat actor.
But the incidents happened when the price of Bitcoin reached a record high. With the top cryptocurrency hitting impressive levels, it’s an invitation for cybercriminals to take advantage and cash in. More hackers are now interested in breaking into crypto-exchange servers to steal funds and sell them for a massive return.
Distributed Denial of Service (DDoS) attacks occur frequently in the cryptocurrency market, as threat actors try to disrupt trading services. They overwhelm servers with loads of unnecessary traffic. But these types of attacks, despite their severity, are considered less damaging than hacking incidents that cause users to lose their funds.
EXMO rolled out its exchange business in 2013. However, the crypto exchange has expanded its operational base as Britain concludes plans to finally exit from the EU. It has expanded to other European countries in a bid to still have access to the European bloc post-Brexit.
The exchange recently launched its operations in Turkey, which is the fourth office following rollouts in Moscow, Barcelona, and Kyiv.
Although the firm isn’t planning to shrink its London headquarters and move resources, the expansion indicates how big banks are trying to deal with post-Brexit operations in Europe. Many organizations are trying to offset the impact of Brexit by increasing their presence in Europe.
Investigation into the attack is ongoing
After the attack, the exchange kept deposits and withdrawals suspended, according to a security update. EXMO also stated that the hacking incident has been reported to the National Cyber Security Centre (NCSC) and the U.K. police for further investigation.
EXMO also stated that the exchange runs its production systems and its cryptocurrency wallets on separate servers. The hack did not have any impact on the production server, and all data about clients and their transactions remains intact.
The exchange also said checks have been carried out on all the logs to see if any crypto servers were compromised. But everything is intact, the exchange stated.