Cryptocurrency exchange EXMO has been knocked offline by a “massive” DDoS attack, the UK-based company has confirmed.
The exchange said it suffered a distributed denial-of-service (DDoS) assault yesterday (February 15), when its website was unavailable for two hours.
EXMO said that it experienced an unusual amount of traffic at 16.10 GMT, with the number of connections temporarily disrupting its activity.
A spokesperson for EXMO told The Daily Swig that while previous DDoS attacks had affected only the website, this “massive attack” – which drove 30 GB of traffic per second – affected “the whole network infrastructure, including the website, API, Websocket API, and exchange charts”.
The spokesperson added: “So, it’s quite natural for any exchange to be down under these circumstances. The attack was repelled with the help of DDoS protection Qurator. We are now also taking additional security measures.
“EXMO resumed its work yesterday. So basically, we were down just for a couple of hours.
“Unfortunately, with a splash in market activity, which undoubtedly drives a positive change, many negative phenomena are back as well. DDoS, which we’ve faced, is just one of them.”
Normal service has now resumed, said the company, though the webpage does state it is undergoing maintenance. The cryptocurrency exchange is looking to determine the culprit behind the incident.
Multiple attacks
This news follows another security incident on December 21, 2020, which saw attackers steal around $4 million in cryptocurrency from EXMO.
Malicious hackers took an estimated 6% of the exchange’s assets. The funds were withdrawn through exchange Poloniex, and therefore cannot be returned.
EXMO temporarily suspended withdrawals and deposits, it explained in a security update.
The company also said it had reported to incident to UK police and the National Cybersecurity Centre (NCSC).
EXMO said at the time: “We have completely separate server infrastructure for cryptocurrency wallets and all other platform data (production servers). The hack didn’t affect the production server. All information about transactions and clients also remained out of reach for the hackers.
“At this moment, we did checks for all the logs on compromised cryptocurrency servers. As a result, we assume that the hacker got the private keys. And now we are trying to find how it happened.”
EXMO added: “We are working with cybersecurity teams around the world to sort everything out and continue operating in a safe environment.”
