Crypto futures and options exchange Deribit suffered a security breach on Tuesday around midnight, with hackers making off with nearly $28 million from the exchange’s hot wallet.

Exchanges often use hot wallets to process withdrawals instantly. These kinds of wallets come with high risk, however, as their private keys are stored in a company’s servers to sign withdrawal transactions.

In a statement on Twitter, the Panama-based exchange stated that their hot wallet got hacked for $28 million, but the client assets and cold storage addresses were not affected. 

While nearly $28 million has been stolen by the hacker, Deribit noted that “the hack is isolated to their BTC, ETH, and USDC hot wallets.” 

The hacker made 691 BTC and 9,111.59 ETH from the hack, with the USDC nabbed being quickly converted to Ethereum. The funds are now held in two wallets across Bitcoin and Ethereum. The funds are not moved to any mixer (or) laundering service as of this writing.

The company has assured users that they’re still in a “financially sound position” and its reserves cover the loss without affecting the insurance fund.

Deribit pauses withdrawals

Deribit stated that “they are performing ongoing security checks” and have halted withdrawals from the exchange.

The company has also advised against depositing new funds. Deribit said that the “Deposits already sent will still be processed, and after the required number of confirmations, they will be credited to accounts.”

The derivatives exchange is also a victim of the insolvency of investment firm Three Arrows Capital (3AC). 

Decrypt has reached out to Deribit for a timeline of the ongoing security checks and will update this story should the company respond.

Daily Debrief Newsletter

Start every day with the top news stories right now, plus original features, a podcast, videos and more.