Crypto exchange Deribit suffers $28m hack, halts withdrawals

Deribit, the largest bitcoin derivatives exchange by market share, has lost $28 million to the exploit that allowed attackers to access its Bitcoin, Ethereum, and USDC hot wallets.

Deribit’s hot wallet was compromised just before midnight UTC on November 1. A few hours later, the exchange confirmed the incident via its official Twitter account, reassuring users that the losses will be covered by company reserves and that clients’ funds were unaffected.

“Client assets, Fireblocks or any of the cold storage addresses are not affected. It's company procedure to keep 99% of our user funds in cold storage to limit the impact of these type of events,” the exchange tweeted.

Fireblocks is a third-party blockchain infrastructure provider that helps Deribit handle crypto custody, settlement, and transfers.

Deribit said that the hack is isolated, but withdrawals will remain halted as devs are performing ongoing security checks. The platform asked users not to deposit funds until the wallets are open again.

“The insurance fund will not be impacted, the loss will be paid by company reserves. Deribit remains in a financially sound position and ongoing operations will not be impacted,” the company added.

Deribit exploit becomes the latest in a string of crypto hacks in recent weeks. According to the blockchain analysis firm Chainalysis, October 2022 was the worst month for DeFi so far — the hackers managed to get away with the record $718 million stolen from 11 protocols in the first two weeks alone.

By the end of the month, the total losses amounted to more than $650 million, and the number of affected protocols grew to 53, according to security firm Peckshield.