The bitcoin (BTC) and cryptocurrency exchange Deribit suffered an attack that forced it to take urgent measures in the early hours of today, November 2, 2022. The losses suffered by the company were USD 28 million.

Deribit, one of 10 bitcoin (BTC) futures and options exchanges with more market volumesuffered losses not only in that cryptocurrency, but also in ether (ETH) and USD Coin (USDC). The company explained that user funds are safe and that the company’s reserves will cover the losses.

In detail, the attackers took 691 BTC (USD 14.1 million at the closing of this note, according to the CriptoNoticias price index), 9,111 ETH (USD 14.27 million). Those ethers also include the stolen funds in the USDC stablecoin, which were immediately converted to the Ethereum cryptocurrency.

The attackers stole the cryptocurrencies from an online wallet, a resource exchanges use to process withdrawals faster. However, cold wallets (used for “cold” storage, on devices not connected to the internet), where “99% of users’ crypto assets” are located, were not compromised, the exchange said on Twitter.

In the official telegram Deribit is assured that there will be more information soon and that the company is willing to negotiate with the attacker to recover the funds and learn more details about the attack.

Deribit’s measures against the attack

To respond to the action of hackers, Deribit temporarily suspended withdrawals. Meanwhile, the deposits are enabled with delays, but the company itself does not recommend them until the security controls are completed.

For now, the stolen money still hasn’t moved from the identified address. One feasible possibility in these cases is for the attacker to pass their cryptocurrencies through a transaction mixer, making them more difficult to identify and trace later.