- $28 million has been stolen from the hot wallets of Bitcoin options platform Deribit
- User funds are not affected and the company says it will cover the loss
- No explanation has yet been offered as to how the hackers got in
Bitcoin options giant Deribit has been exploited and $28 million stolen from its hot wallets, the exchange announced this morning. The platform posted a message on Twitter to say that the hot wallets had been compromised but that customer funds were safe, with the company funding the shortfall, although it didn’t offer any early theories as to how the hackers accessed its hot wallets.
Deribit hot wallet compromised, but client funds are safe and loss is covered by company reserves
Our hot wallet was hacked for USD 28m earlier this evening just before midnight UTC on 1 November 2022.
— Deribit (@DeribitExchange) November 2, 2022
User Funds Not Impacted
Deribit stated that the hack took place before midnight last night, but that only the hot wallets belonging to the exchange were compromised – client assets and any cold storage addresses were not affected, nor was Fireblocks, its digital asset custody, transfer and settlement platform.
The exchange explained that as company policy it keeps 99% of user funds in cold storage to limit the impact of events such as this, with the hackers restricted to Deribit’s BTC, ETH and USDC hot wallets.
Deribit has also halted withdrawals while increasing the number of confirmations on deposits, and is asking people not to send deposits for the moment in order to avoid a backlog.
No Hack Details Offered Yet
The company finished the tweet thread by saying that it was still in a “financially sound position” and that “ongoing operations will not be impacted”, reinforcing the message that user funds were not impacted and that the shortfall will be met by company reserves.
It seems too early to tell exactly how the hackers were able to gain access to the Deribit hot wallets, but situations like this often point to humans being the weak point. Going from past experience, a phishing or social engineering attack on a Deribit employee is the most likely avenue at the moment.