KEY POINTS

  • Cryptocurrency exchange EXMO was hacked Monday, losing millions of dollars worth in 6 different currencies
  • The loss was limited by security measures, but the attackers seemed to have access to internal keys
  • The exchange will resume depositing and withdrawals Thursday

The U.K.-based cryptocurrency exchange EXMO lost 6% of its assets on Monday due to a hack, according to a report from CoinDesk. The attacker is believed to have had access to internal keys.

The EXMO’s security measures prevented the theft from being much worse, the exchange said in a statement.

Over 306 bitcoin were taken, worth $7 million, and transferred to an anonymous wallet. Smaller amounts of XRP, Zcash, USDT, Ethereum Classic and Ethereum were also stolen. Until the exact method of attack can be discovered, EXMO will limit the amount of currency in “hot wallets” and suspended client deposits and withdrawals.

While EXMO has not confirmed a dollar total for the attack, analysts for various cryptocurrency news outlets are reporting it to be around $10.5 million.

Deposit and withdrawal services should resume Thursday.

EXMO typically stores only 5-10% of its funds in active “hot wallets,” one of the measures that limited the exchange's losses. The hack was also stymied by the distribution of each of EXMO’s 57 currencies to individual servers.

The balance in users’ accounts was not affected.

“We don’t believe it could somehow affect a going concern basis for EXMO,” read EXMO’s statement. “The hack didn’t affect the production server. All information about transactions and clients also remained out of reach for the hackers.”

The first 50 bitcoins were born on January 3, 2009
The first 50 bitcoins were born on January 3, 2009 AFP / INA FASSBENDER

Some of the stolen XRP and Ethereum went to the Poloniex exchange. EXMO said it contacted Poloniex to get the account blocked, and is working with both officials and private institutions to mark the address as fraudulent and recover the funds.

EXMO now plans to establish a 3rd party “custody provider” for its hot wallets and permanently decrease the amount stored in them to 4-7%, along with a less specific pledge to “expand and strengthen its security department.”