DDoS Attack Temporarily Breaks UK’s EXMO Cryptocurrency Exchange

Posted on by Dawna M. Roberts in News May 04, 2021

 Large, popular cryptocurrency exchange EXMO was knocked offline by a massive DDoS attack on February 15. The incident prevented users from accessing accounts, and the company’s website was down for more than two hours.

What Happened?

At approximately 4:10 p.m., EXMO experienced a massive influx of traffic in an aggressive distributed denial-of-service (DDoS) attack that temporarily knocked its servers offline and halted business operations.

The Daily Swig talked to a spokesperson for EXMO who said that they had experienced previous DDoS attacks that have only ever affected their website. However, this attack came packing a punch (more than 30 DB of traffic per second) and disrupted their “entire network infrastructure including the website, their API, Websocket API and exchange charts.”

The same spokesperson said,

“So, it’s quite natural for any exchange to be down under these circumstances. The attack was repelled with the help of the DDoS protection Curator. We are now also taking additional security measures.”

“EXMO resumed its work yesterday. So basically, we were down just for a couple of hours.”

“Unfortunately, with a splash in market activity, which undoubtedly drives a positive change, many negative phenomena are back as well. DDoS, which we’ve faced, is just one of them.”

Although the service was only interrupted for a short time, they did open an investigation to locate the responsible parties.

EXMO is an Attractive Target

Being in the business of cryptocurrency makes EXMO a popular target for cybercriminals. Back in December, hackers stole $4 million from EXMO in another attack. Threat actors plundered roughly 6% of the company’s assets, and they cannot be recouped. To mitigate the damage, the company had to suspend deposits and withdrawals for a while. The incident was reported to the UK police and National Cybersecurity Centre (NCSC).

After that attack, EXMO commented that

“We have completely separate server infrastructure for cryptocurrency wallets and all other platform data (production servers). The hack didn’t affect the production server. All information about transactions and clients also remained out of reach for the hackers.”

“At this moment, we did checks for all the logs on compromised cryptocurrency servers. As a result, we assume that the hacker got the private keys. And now we are trying to find how it happened.”

They concluded with, “We are working with cybersecurity teams around the world to sort everything out and continue operating in a safe environment.

What is a DDoS Attack?

A distributed denial-of-service (DDoS) attack is when bad actors flood a service, network, or device with heavy traffic to overwhelm it, so it stops working.

Typical targets for DDoS attacks include computers, network servers, and IoT devices. The purpose of a DDoS attack is to temporarily shut down these services to expose vulnerabilities so hackers can access them using either backdoors or other malware and take control. Often the goal is monetary or sometimes to steal information for identity theft or to sell on the dark web.

Cyber gangs use malware to create vast networks called botnets (often using privately-owned devices unknowingly connected through a malware infection). They use all these devices to send information to the target at once. Because many of these devices are legitimate, it’s very difficult to separate them from the culprits and identify exactly where the damage is coming from.

The symptoms of a DDoS attack usually begin with the server, computer, or service, slowing way down and becoming unresponsive. Server monitoring may also show a massive spike in network activity within a few seconds. Often these attacks take place at odd hours (such as the middle of the night) or appear to come from a single IP or a range of IP addresses. Another telltale sign is the traffic will all be directed towards a single target which might be an app, service, or single web page.

About the Author
IDStrong Logo

Related Articles

Instagram Vulnerability Allowed Hackers Access to Control Your Phone

Security experts Check Point Research discovered a critical vulnerability while examining Instagram’s c... Read More

Alien Malware Infects More than 226 Mobile Apps and Steals Bank Data

As reported on September 24, 2020, by ZDNet and ThreatPost, a new strain of malware named “Alien” is ... Read More

Universal Health Systems Hit by Ransomware Attack

Universal Health Systems (UHS), a Fortune 500 company owning more than 400 hospitals across the country, ... Read More

Exchange Server Bug Exposes a Big Risk to Hackers

Months after Microsoft released a patch to fix a serious flaw in MS Exchange Server, more than 61% of the... Read More

Scan Your Records for Breaches, Leaks & Exposures!