SECURITY

Japanese cryptocurrency exchange Liquid hacked, loses over $90 million

share
Japanese cryptocurrency exchange Liquid hacked, loses over $90 million

Japanese cryptocurrency exchange Liquid Global posted an urgent tweet on Thursday, claiming to have been hacked and temporarily suspending deposits and withdrawals. It stated that its hot wallets had been compromised and that digital assets are being transferred to cold wallets; meanwhile, it continues to provide updates on the ongoing investigation.

Table of Contents

Japanese cryptocurrency exchange Liquid Global urgently announced on Twitter this Thursday that it has been under a hacker attack and has temporarily suspended deposits and withdrawals. It stated that its hot wallets have been compromised and is in the process of transferring digital assets to cold wallets, while providing ongoing updates on the investigation progress.

So far, Liquid Global has disclosed nine hacker wallet addresses where stolen funds were deposited. One of the addresses was even actively conducting Bitcoin transactions at the time of discovery. In response, Eddie Wang, Senior Researcher at OKLink, commented: "Although the total amount stolen has not been confirmed, the value of assets including BTC, ETH, XRP, and TRON may exceed $90 million." (Note: OKLink was founded in Beijing in 2014 and is a blockchain information webpage created by a blockchain big data company, aiming to provide blockchain information and data services.)

In subsequent tweets, Liquid Global mentioned that it is cooperating with other cryptocurrency exchanges to freeze the funds. Johnny Lyu, CEO of the cryptocurrency exchange KuCoin, stated that his platform is aware of the situation and has blacklisted the hacker's wallet addresses, a move that may be followed by other exchanges.

Liquid Global claims that the hacker attack targeted an MPC wallet (Multi-Party Computation wallet): "The MPC Wallet used by QUOINE PTE, a subsidiary in Singapore, was compromised."

MPC is an advanced cryptographic technology where the private keys controlling the assets are generated by a series of parties, with no party able to see the computation fragments of the others. Liquid Global did not explain in the tweet how this security mechanism was compromised. (For more information about MPC: https://www.fireblocks.com/what-is-mpc/)