On June 4th, the crypto exchange Lykke, based in Switzerland and the United Kingdom, was the victim of a hack that took away a whopping 22 million dollars from the platform.
The project team attempted unsuccessfully to hide the evidence of the incident, disguising everything as an unscheduled update to the exchange systems and blocking user withdrawals.
After a few days, Lykke admitted what happened with the hack, but reassured its customers that it has the necessary funds for a full refund.
Let’s see everything in detail below.
Summary
Lykke: the crypto exchange of the United Kingdom suffers a hack of 22 million dollars
Lykke, a centralized crypto exchange launched in 2015 and based in Svizzera and Regno Unito that advertises itself as a “commission-free exchange“, has fallen victim to a hack worth a total of 22 million dollars.
The attack, carried out by users still unidentified on June 4, was detected and publicly shared only on June 6, when the cryptographic researcher SomaXBT reported the incident on X.
Apparently, some malicious individuals exploited a flaw in the sicurezza systems of the platform, which allowed them to find the private keys with the attached million-dollar loot.
According to on-chain data, about half of the stolen amount was in Bitcoin, while the rest was divided into Ethereum, Litecoin, and Bitcoin Cash.
Now the Lykke exchange is blocked and its users are unable to operate until the security issue is resolved and the lost liquidity is recovered.
The website of the exchange is, in fact, currently under maintenance and will remain inactive until further official communications.
It is still unclear how the hackers managed to get hold of the private keys of the platform. On this matter, the CEO of Lykke, Richard Olsen, stated the following in an interview with DLNews, reassuring that the funds are safe:
“We are still investigating the causes of this security incident. In the meantime, you can be sure that your funds are safe. Lykke is a diversified activity with strong capital reserves.”
In the meantime the team of the exchange has stated that it has discovered the IP addresses of those responsible for the hack, and has stated that it will use that data to carry out an investigation with the competent law enforcement authorities.
Additionally, Lykke has hired a group of cybersecurity experts to try to recover the 22 million dollars stolen, attempting to trace the attacker’s on-chain tracks.
We remind you that Lykke is the second cryptocurrency exchange to be hacked in the last two weeks, with DMM Bitcoin seeing as much as 320 million dollars evaporate on May 31 following an exploit.
According to DefiLlama, since the beginning of 2024, cryptographic protocols and services have already been hacked for over 600 million dollars, with numbers that still seem lower compared to what was reported in previous years.
The team of the exchange tries to hide the evidence of the attack
Despite the crypto exchange Lykke being attacked by the hack on Tuesday, June 4, the users of the platform remained unaware of everything until June 6, when SomaXBT publicly pointed out the security breach.
Just a few hours after the incident, many clients of the crypto exchange were complaining that the balances of their accounts seemed emptied, but the team reassured them by saying that it was a visualization bug.
SomaXBT, immediately after writing on X about the incident, published a screenshot of a Discord message from the Swiss group’s team, which alerted its users to a supposed “unplanned full system maintenance”.
Despite being aware of having been robbed, the executives of Lykke preferred to lie to their community, trying to hide the evidence of the attack in order not to lose credibility and trust.
It’s a pity that the sceneggiata lasted only a few hours.
After the warning from the researcher SomaXBT, the exchange Lykke did not immediately admit its faults for the hack, but continued to pretend nothing happened for the following 4 days.
On June 8, a user added more fuel to the fire by complaining that the platform was not working and seemed to have been breached.
Finally, on June 10, after a full 6 days from the hack, the Lykke team confirmed the incident, apologizing to the interested users. Here is what was written in an email sent to the community:
“We deeply apologize for the inconvenience and concern that this attack has caused to all affected customers and partners.”
Lykke has stated that it possesses all the necessary reserves to overcome these losses and that all lost funds will be reimbursed. As the good CZ would say: “Funds are Safu”.
Despite this, even if everything returns to normal, the lack of transparency of the exchange has not been appreciated by its clients, who are now considering whether to leave the company as soon as they get their funds back.
These situations remind us of how centralized exchange platforms can be potentially vulnerable and how we do not have full control of our assets when we use them, while non-custodial solutions make us primarily responsible for the security and management of the cryptocurrencies we own.
