FixedFloat , a leading cryptocurrency exchange service, is pleased to announce its return to full operation following a series of security breaches that occurred in February and March of this year. The incidents, which resulted in the theft of $26.1 million, have prompted the company to take significant measures to enhance its security infrastructure and ensure the safety of its users’ assets.
In February, FixedFloat experienced a major security breach when an attacker exploited a vulnerability in the company’s security structure. Despite immediate efforts to address the weaknesses, the same attacker struck again on March 31.
After thorough analysis, it was determined that the attacker had exploited vulnerabilities in the services provided by Time4VPS, a third-party hosting provider used by FixedFloat.
For several years, FixedFloat relied on Time4VPS for hosting services, which was initially chosen for its affordability and convenience. Although we had progressively migrated most of our infrastructure to proprietary servers, by early 2024, some low-power nodes and subsystems remained hosted with Time4VPS.
Time4VPS, which serves over 100,000 customers across Europe, promotes itself as a secure and customer-focused provider, a claim we found to be misleading.
In February, the attacker identified the IP address of one of our technical servers hosted by Time4VPS. On March 31, unauthorized access was recorded across all our Time4VPS servers, even though only one IP was known to the attacker. Despite our immediate actions to change passwords, the hacker managed to override these changes and maintain access.
Time4VPS’s virtualization technology limited our ability to activate critical security protocols following the
Read more on cryptonews.com