The self-proclaimed "world’s most comprehensive and secure trading platform" for cryptocurrency announced yesterday that a hacker stole $90 million worth of Bitcoin, Ethereum, and XRP from "some of the crypto wallets" that it manages.
The company in question is called Liquid, and according to its website, the security of its platform is one of its main selling points. But that didn't stop the hacker from stealing $90 million worth of cryptocurrency from the platform's "warm wallet."
Crypto wallets are usually described using just two temperatures: hot and cold. A "hot" wallet is always connected to the internet; a "cold" wallet is not. Thus, a so-called "warm" wallet is always connected but features more protection than a hot wallet.
Liquid said in its incident report that its "teams are still assessing the attack vector used and taking measures to mitigate the impact to users." On its website, it warned customers not to transfer any crypto to their Liquid wallet addresses.
The company has shared more information on Twitter, including the addresses to which the assets were transferred and the claim that the "attacker deposited XRP via another exchange," with the promise that further updates would be forthcoming.
This hack pales in comparison to the $600 million theft from the Poly Network decentralized finance platform, both in how much was stolen (less than a sixth) and entertainment value (so far, this hacker hasn't said anything about Batman).
But there appears to be another key difference: The Poly Network hacker returned the stolen funds. So far, it seems whoever stole the $90 million worth of crypto from Liquid is more interested in cashing out than improving the exchange's security.