In brief

  • Cryptocurrency exchange EXMO has lost 5% of its assets, the platform revealed.
  • Bitcoin, Ethereum, and other cryptocurrencies have been withdrawn from a number of EXMO's hot wallets.
  • Some analysts said that losses might amount to roughly $10.5 million.

EXMO, a UK-registered cryptocurrency exchange with offices in London, Moscow, and Kyiv, has become a victim of a cyberattack today, losing roughly 5% of its assets held on hot wallets to hackers, the platform stated.

“We have spotted some large withdrawals since December 21st at 2:27:02 UTC. We are still investigating the incident, but as of now, the security audit report showed that some amounts of BTC, XRP, ZEC, USDT, ETC and ETH in EXMO’s hot wallets were transferred out of the exchange,” said EXMO.

Per the post, the affected hot wallets comprised around 5% of the exchange’s total assets. At the same time, the funds stored in cold wallets are ostensibly safe, the platform stressed.

After the hack was discovered, EXMO suspended all withdrawals, simultaneously urging its clients not to deposit any additional funds until further notice.

“We kindly ask all the services and exchanges to block all the accounts that are connected to these [hacked] wallets. Currently, we are locating the reason for the incident and will keep this list updated”, the exchange added. 

Speaking to Decrypt, Maria Stankevich, chief business development officer at EXMO UK, noted that the exact amount of stolen funds is still being calculated. Additionally, she said that if some EXMO users were affected by the hack, the exchange will compensate for damages using its own insurance fund.

Meanwhile, The Block’s analyst Igor Igamberdiev approximated EXMO’s losses at around $10.5 million.

“We reported the case to the London police this morning and keep in touch with the Cybercrime team there. We also will conduct a thorough security review that will include all parts of our systems and data,” EXMO added.

As Decrypt reported earlier today, hardware wallet manufacturer Ledger apparently also got hacked as more than one million of its customers’ emails were leaked on a hacker site.