Bilaxy exchange suspends website after ERC-20 hot wallet hack
Bilaxy, a lesser-known cryptocurrency exchange, has confirmed a major hacking incident, reporting the losses of funds due to an exploit of the platform’s ERC-20 hot wallet.
Bilaxy announced on its Telegram channel that the crypto exchange suffered a “serious hack” on Saturday between 6 pm and 7 pm UTC, resulting in the transfer of 295 different ERC-20 tokens.
According to the exchange, the affected tokens were transferred by the hacker to a single address. At the time of writing, the tokens are valued at $170,600, with the most recent transaction sending out 50 Ether (ETH), or about $159,000, on Monday.
Shortly after detecting abnormal hot wallet transactions, Bilaxy suspended its website to take emergency measures and move “hundreds of tokens” from its hot wallet to cold wallets in order to secure the assets.
In a separate Telegram update, Bilaxy asked its customers to stop deposits to the platform. Bilaxy’s website does not provide any further information other than a temporary system maintenance notice and a link to the platform’s Telegram channel.
Bilaxy has not announced the dollar value of assets stolen by the hacker. Some unconfirmed reports speculate that the exchange could have lost up to $450 million.
According to an update from decentralized finance protocol Hoge Finance, the attack involved a hack and transfer of nearly 300 cryptocurrencies, including Tether (USDT), USD Coin (USDC), Uniswap (UNI) and others. Hoge Finance said that nearly all Bilaxy's 1 billion HOGE tokens ($141,000) out of an alleged total of $22 million drained from the exchange were sent to another wallet.
Related: Beleaguered DeFi project xToken suffers second major exploit since May
Bilaxy did not immediately respond to Cointelegraph’s request for comment. The exchange told customers that it will collaborate with security institutions and law enforcement to provide security audits and launch an investigation.
According to data from crypto tracking website CoinMarketCap, Bilaxy was launched in 2018 and is registered in the Republic of Seychelles. At the time of writing, the exchange’s Twitter account has over 25,000 followers.
The news comes as the Liquid exchange gradually recovers from a nearly $100-million hack that took place in mid-August. On Sunday, Liquid resumed deposits and withdrawals for several cryptocurrencies, including ERC-20 and Stellar-based USDC, Dai and GYEN.