UAE-based M2 exchange was recently hacked. The platform identified the issues, addressed vulnerabilities, and repaid users.
Crypto hacks seem to be never-ending this year, with yet another platform bearing the brunt of hackers’ actions. This time around, UAE-based centralized exchange (CEX), M2, was hit with a $13.7 million attack. The exchange claimed full responsibility, addressed the security issue, and reimbursed users affected by the hack.
An announcement from M2 read, “We would like to report that the situation has been fully resolved and customer funds have been restored.” It added, “M2 has taken full responsibility for any potential losses, demonstrating our unwavering commitment to safeguarding our customers’ interests. All services are now fully operational with additional controls in place.” The exchange also mentioned it was cooperating with legal and regulatory authorities to ensure the situation was handled appropriately.
ZachXBT, a blockchain investigator, took to their Telegram channel to report that the hacker(s) walked away with large amounts of bitcoin (BTC), Ether (ETH), and Solana (SOL). They gained access to three of the exchange’s hot wallets and have already swapped the stolen SOL to a wrapped version to move it to Ethereum and process it through crypto mixers. That way, they can obfuscate their on-chain footprints. They have also swapped some tokens for other altcoins like Shiba Inu (SHIB) for the same reason.
The hacker group that attacked WazirX a few months ago to pull off a $235 million hack also indulged in converting their assets and taking them to the Ethereum network to utilize Tornado Cash, a crypto mixer. While WazirX users still scramble to withdraw their funds, with the exchange undergoing a restructuring in Singapore, M2 users were luckier and saw their funds back without much delay.
This Year’s Hacks Have Grown to Become Highly Concerning
2024 has shaped up to become a scary year for users and developers as over $750 million was ransacked by hackers just in the third quarter alone. If that was not alarming, hackers siphoned these funds from across 155 security incidents. However, about $31 million was recovered from such incidents.
These statistics, pulled by a CertiK report, deal with centralized and decentralized platforms, indicating that hackers can breach all kinds of implementations. They can loot projects massively without discriminating—it does not matter if they operate using audited smart contracts or software built by regulated service providers. Cybercriminals are finding a way to get through.