Deribit’s $28 Million Hot Wallet Hack Analysis | QuillAudits

Summary:

On 1 November 2022, Deribit Exchange was hacked for about $28 million. The attacker compromised Deribit's BTC, ETH, and USDC hot wallets and drained roughly $28 million worth of cryptocurrency. Deribit temporarily halted withdrawals and later announced that client assets were not affected.

Deribit Exchange:

Deribit is a leading cryptocurrency futures and options exchange that lets traders execute derivatives strategies across several cryptocurrencies. Deribit offers derivatives products for Bitcoin and Ether.

Hack Details:

Hot Wallets: A hot wallet is one whose private keys live on an internet-connected system so that transactions can be signed on demand. Web-based wallets, mobile wallets, and desktop wallets are all typically hot wallets. Among them, web wallets are the least secure, but every hot wallet is exposed to online attacks because the signing key is reachable from the network.

Deribit's hot wallets were compromised, which allowed the attacker to drain the funds they held. There are many ways such hot wallets could have been compromised: malware on the signing host, seed-phrase or private-key leaks, social engineering, keyloggers, and so on. However, Deribit has made no official announcement about the actual cause of the compromise.

After the Exploit:

On 2 November 2022, Deribit announced the hack. It stated that neither client assets, its Fireblocks custody accounts, nor any of its cold storage addresses were affected, and that the loss would be covered from company reserves.

On 7 November, Deribit released an incident analysis report (linked under Further Reference below).

Status of Funds:

The compromised assets on Ethereum did not move until 5 November; the attacker then began moving funds into Tornado Cash.

Mindmap of Flow of funds (Ethereum):

The attacker's Bitcoin wallet still holds around 691 BTC, roughly $13.6 million at the time of writing this blog.

How could they have prevented the Exploit?

Generally, cold storage wallets are quite secure. Stealing from a cold wallet usually requires physical possession of, or access to, the device, together with any PINs or passwords needed to unlock the funds. Keeping reserves in a cold wallet (a hardware wallet or offline multi-party signing setup) is therefore far safer than keeping them in a hot wallet, and it would have limited the damage here. An exchange cannot avoid hot wallets entirely, since customer withdrawals must be signed by an online key; the practical mitigation is to keep only a small operational float in each hot wallet, sweep anything above that cap to cold storage, and enforce per-wallet outflow limits and multi-signature approval for large movements, so that the compromise of a single hot key caps the loss at the float rather than the whole reserve.
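The following is an added example, not code from Deribit, Fireblocks, or QuillAudits. It models the hot/cold segregation described above as a small treasury policy: hot wallets are single-key and capped in balance and daily outflow, cold wallets require a signing quorum, and a `max_drain` check estimates what an attacker holding a given set of keys could move. Wallet names, key ids, balances, and policy numbers are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Dict, Set, Tuple


@dataclass
class Wallet:
    name: str
    kind: str            # "hot" (online signer) or "cold" (offline signers)
    balance: float
    signers: Set[str]    # key ids allowed to sign for this wallet
    quorum: int          # distinct signatures required per withdrawal
    spent_today: float = 0.0


@dataclass
class Policy:
    hot_cap: float          # max balance a hot wallet may hold; excess is swept to cold
    hot_daily_limit: float  # max outflow from a hot wallet per day


class Treasury:
    """Toy treasury enforcing hot/cold segregation (assumed policy, not an exchange's real one)."""

    def __init__(self, policy: Policy) -> None:
        self.policy = policy
        self.wallets: Dict[str, Wallet] = {}

    def add(self, w: Wallet) -> None:
        # Hot wallets are single-key here; cold wallets must need at least two signers.
        if w.kind == "hot" and w.quorum != 1:
            raise ValueError("hot wallets are single-key in this model")
        if w.kind == "cold" and w.quorum < 2:
            raise ValueError("cold wallets must require at least 2 signatures")
        self.wallets[w.name] = w

    def withdraw(self, name: str, amount: float, signatures: Set[str]) -> bool:
        """Return True and debit the wallet only if quorum, balance and daily limit all pass."""
        w = self.wallets[name]
        valid = signatures & w.signers
        if len(valid) < w.quorum or amount <= 0 or amount > w.balance:
            return False
        if w.kind == "hot" and w.spent_today + amount > self.policy.hot_daily_limit:
            return False
        w.balance -= amount
        w.spent_today += amount
        return True

    def sweep_to_cold(self, hot: str, cold: str, hot_sig: str) -> float:
        """Move everything above hot_cap into cold storage; a deposit needs no cold signature.
        Sweeps to the exchange's own cold address are exempt from the outflow limit."""
        h, c = self.wallets[hot], self.wallets[cold]
        excess = max(0.0, h.balance - self.policy.hot_cap)
        if excess > 0 and hot_sig in h.signers:
            h.balance -= excess
            c.balance += excess
            return excess
        return 0.0

    def max_drain(self, compromised: Set[str]) -> float:
        """Worst-case amount an attacker holding `compromised` keys can move today."""
        total = 0.0
        for w in self.wallets.values():
            if len(compromised & w.signers) < w.quorum:
                continue  # attacker cannot reach quorum for this wallet
            room = w.balance
            if w.kind == "hot":
                room = min(room, self.policy.hot_daily_limit - w.spent_today)
            total += max(0.0, room)
        return total


def scenario() -> Tuple[float, float, float, float, float]:
    """Constructed scenario: one hot key compromised before and after sweeping to cold."""
    t = Treasury(Policy(hot_cap=100.0, hot_daily_limit=500.0))
    t.add(Wallet("eth-hot", "hot", 1000.0, {"k_hot"}, 1))
    t.add(Wallet("eth-cold", "cold", 9000.0, {"k_c1", "k_c2", "k_c3"}, 2))
    before = t.max_drain({"k_hot"})                           # 500.0: daily limit binds
    swept = t.sweep_to_cold("eth-hot", "eth-cold", "k_hot")   # 900.0 moved to cold
    after = t.max_drain({"k_hot"})                            # 100.0: only the float is exposed
    one_cold = t.max_drain({"k_c1"})                          # 0.0: quorum of 2 not met
    two_cold = t.max_drain({"k_c1", "k_c2"})                  # 9900.0: quorum reached
    return before, swept, after, one_cold, two_cold


if __name__ == "__main__":
    print(scenario())
```

The point the numbers make: with the same single hot key compromised, the exposure drops from the daily limit to the hot-wallet float once excess balance has been swept, and a single cold key on its own is worth nothing to the attacker because the quorum is not met.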

Further Reference / Credit:

https://twitter.com/DeribitExchange/status/1587701883778523136
https://insights.deribit.com/exchange-updates/1-november-incident-report-and-next-steps/

Web3 security: need of the hour

Why QuillAudits for Web3 security?
QuillAudits is equipped with the tools and expertise to provide cybersecurity solutions that prevent the loss of millions in funds.
