Taiwan-based trading firm Kronos Research recently suffered a major security breach, leading to estimated losses of $25 million.
According to the company, the security breach involved the unauthorized access of API keys, leading to a loss of around 13,007 ETH, valued at $25 million at the time.
Kronos disclosed the incident on Nov. 18 via a post on social media.
In the interest of transparency
— Kronos Research 🟠 (@ResearchKronos) November 18, 2023
Around 4 hours ago, we experienced unauthorized access of some of our API keys. We paused all trading while we conduct an investigation. Potential losses are not a significant portion of our equity and we aim to resume trading as soon as possible.
The potential losses were not a significant portion of its equity, Kronos explained.
Blockchain researcher ZachXBT identified substantial Ether outflows from a linked wallet, amounting to over $25 million worth of the cryptocurrency.
Woo X, a local centralized exchange associated with Kronos, announced it is temporarily suspending specific trading pairs briefly, to address the liquidity loss but has now resumed spot and perpetual trading, along with withdrawals.
The exchange assured that client funds remain secure. Kronos continues to investigate the unauthorized access and has not disclosed additional details regarding the extent of losses.
Status update
— WOO X (@_WOO_X) November 18, 2023
– First and foremost, all client assets are safe
– TLDR our largest liquidity provider Kronos Research recently experienced a hack that caused them to pause all trading on WOO X
– Since Kronos Research is the primary liquidity provider for spot markets and around… https://t.co/sDR8QHvmZC
This incident has prompted concerns regarding the security of cryptocurrency trading firms and the vulnerabilities associated with managing API keys.
Renowned for its involvement in crypto research, marketing, and investment, Kronos Research now grapples with substantial financial repercussions arising from the breach. The unauthorized access event underscores persistent challenges in safeguarding digital assets and emphasizes the critical need for robust security measures within the cryptocurrency trading industry.
As the situation unfolds, organizations are urged to prioritize cybersecurity to effectively mitigate the risk of similar breaches in the future.
Security struggles, crypto heists on the rise
In recent months, a slew of significant crypto hacks and scams resulted in losses nearing a billion dollars.
According to reports from Certik, these incidents were attributed to various factors such as protocol exploits, exit scams, private key exploits, and oracle manipulation.
One notable event was the Mixin Network exploit in Sept. 2023, causing a $200 million loss and marking it as the most substantial exploit of the year. Furthermore, cybercriminals targeted Stake.com, leading to a $735 million loss and placing it among the ten biggest hacks of the year.
The top 10 hacks in 2023 accounted for 84% of the total stolen amount, with over $620 million taken in those attacks alone.
DefiLlama data reveals that cybercriminals have inflicted losses exceeding $735 million on crypto companies and defi protocols through 69 hacks in 2023. With three months remaining in the year, 2023 appears to fare better than 2022, which witnessed hackers making off with over $3.2 billion across 60 hacks.
These incidents underscore the persistent challenges in securing digital assets and highlight the urgent need for enhanced security measures within the cryptocurrency industry, emphasizing the critical importance of robust security protocols to safeguard digital assets.