The hot wallet of Deribit—a crypto exchange known for its futures and options offerings—was recently hacked. Funds to the tune of $28 million were drained in the crypto hack.
In a Twitter statement that was released after the incident, the company emphasized client fund safety and blocked withdrawals for now. The company reserves will bear the losses, the tweet suggests.
Deribit hot wallet compromised, but client funds are safe and loss is covered by company reserves
Our hot wallet was hacked for USD 28m earlier this evening just before midnight UTC on 1 November 2022.
— Deribit (@DeribitExchange) November 2, 2022
The company has confirmed that it remains in a “financially sound position” and that its ongoing operations will not take a hit.
Deribit is, unfortunately, only the latest addition to the list of hacks. The rise in the number of crypto hacks and rug pulls this year has been causing much alarm for much of this year. October has been the worst month for the space as it witnessed 11 DeFi hacks, causing losses worth $718 million. The silver lining, though, is that some funds have been recovered in a few instances this year.
What to expect after the crypto hack
The exchange was hacked on 1 November 2022, just before midnight. While the incident is still under investigation, the company put out a Twitter statement the same day, clarifying what is to be expected.
Deribit’s statement mentions that addresses specific to cold storage remain unaffected. The company claimed that it had been following a safety-specific approach and had deposited 99% of its user funds across cold storage addresses for some time.
Going by current reports, it appears that only the USDC, ETH, and BTC hot wallets were breached during this crypto hack.
As of now, the company has put a stop to the withdrawals for initiating multiple security checks. Even Deribit custodians like Cobo and Clearloop have followed suit, halting withdrawals at their end.
Processed deposits will still go through, but the firm has amplified the number of minimum confirmations to thwart other malicious attempts.