Two crypto exchanges suffered from a couple of security blows over the past two days. XT.com confirmed a $1.7M hack, while Tapbit reported a cyberattack-induced outage. Meanwhile, Phemex introduced new security features to bolster their user account safety. While exchanges assured users of fund safety, the incidents highlight the critical need for robust safeguards in the crypto space.
Key Takeaways:
- XT.com assured users their funds remain unaffected despite the $1.7M hack.
- Tapbit promised compensation for losses post-cyberattack, leveraging its $40M insurance fund.
- Phemex introduced biometric Passkeys, raising the bar for account security.
XT.com Suffers $1.7M Hack
XT.com, a prominent crypto exchange handling with over $2 billion in daily spot trading volume, revealed a security breach on November 28, 2024, resulting in the theft of approximately $1.7 million. The funds were converted into 461.58 Ether, as reported by blockchain security firm PeckShield.
Initially, XT.com attributed the halt in withdrawals to wallet upgrades and maintenance. However, the platform later acknowledged the hack, assuring users that customer funds remained unaffected. They emphasized their commitment to safeguarding assets, citing reserve levels 1.5x greater than user assets. Exchange operations have been fully resumed at this point.
In a statement on X (formerly Twitter), the company said:
“We are aware of concerns regarding recent abnormal asset transfers. Rest assured, users’ assets remain safe and unaffected. The affected assets belong to the exchange, and we’re taking immediate action, including launching a Merkle Tree Proof of Reserves by mid-December to enhance transparency.”
– XT’s Twitter
Founded in 2018, XT.com ranks as the 20th largest centralized exchange by spot volume (data as of article publish date), offering trading for over 900 cryptocurrencies. While the hack involved approximately $1 million USDT spread across 12 currencies, XT.com clarified that the stolen assets belonged to the platform and would not impact customer funds.
As a consequence of this XT.com hack, the exchange promised to provide a Merkle Tree Proof of Reserves report this month. This will no doubt alleviate most user concerns and add additional transparency into customer deposits on the exchange.
As this time, all services on XT have been fully restored. XT’s 2 billion daily spot and 20 billion daily derivatives volume means the exchange will have no problems covering losses from this hack. Undoubtedly this will lead to the platform bolstering its security in the future.
Tapbit Exchange Hit by Cyberattack, Investigation Underway
Meanwhile, Tapbit experienced a cyberattack that briefly took its website offline. While services have since mostly been restored, the incident’s full impact remains unclear. The exchange stated:
“Tapbit recently experienced a cyberattack, and our platform remains under urgent repair. We deeply regret the inconvenience caused and assure you that all verified user losses will be fully compensated.”
Though Tapbit has yet to confirm the exact nature of the security incident or if user funds were even affected, the exchange reassured its community that all potential user losses will be compensated. It’s unclear whether this relates to potential losses because of the platform’s downtime, or if user funds were stolen.
Update on Dec 3rd: Tapbit published an update on the security incident. According to the exchange’s announcement, it was merely a DDoS attack which caused server outage, and no security has been compromised. Tapbit claims the attack originated from competitors, but provided no evidence for this. Users whos trading has been affected by the downtime may be eligible for compensation for any losses incurred.
Just last month, Tapbit published its first Proof of reserves report, proving all customer deposits are fully backed. While the ongoing incident is concerning, there is still no evidence that Tapbit lost any customer funds.
Tapbit has a $40 million insurance fund in place, which could cover potential losses. Customers are advised to monitor official announcements for updates on the recovery process and the forthcoming claims procedure.
Phemex Launches Passkeys for Enhanced Security
Nothing bad happened on Phemex, though! In a proactive step toward safeguarding user accounts, Phemex unveiled a Passkeys feature. This advanced authentication method leverages biometrics, such as Face ID and fingerprints, to simplify account security.
Passkeys replace traditional two-factor authentication (2FA), eliminating the need for authentication codes during login or withdrawal processes. This innovation combines convenience with robust security, ensuring that users can access their accounts seamlessly while enjoying the highest level of protection.
Security Takeaways
- Security First: The XT.com and Tapbit incidents underscore the importance of robust security measures and transparent communication during crises.
- Assurance Matters: Both exchanges emphasized user fund safety, with XT.com highlighting its reserves and Tapbit pledging compensation.
- Innovations in Safety: Phemex’s Passkeys set a new standard for account security, integrating cutting-edge technology to protect user assets.
Keeping your crypto exchange accounts and funds safe involves vigilance and proactive measures. Read this guide and follow these tips to significantly reduce the risk of unauthorized access and keep your assets secure.Read Now
Crypto traders are encouraged to stay vigilant, regularly update security protocols, and explore platforms offering enhanced protective features.
