On October 31, UAE based cryptocurrency exchange M2 Exchange was hit with a big breach of $13.7 million. The exchange fixed the issue within 16 minutes, protecting customer funds.
In a statement M2 said all lost funds have been recovered and trading is back up with additional security measures in place.
The incident shows the ongoing struggle of cryptocurrency exchanges with cybersecurity.
According to M2, the breach was detected by Cyvers, a blockchain security firm, which found unauthorized transactions on Ethereum, Solana and Bitcoin networks.
The compromised address received 3.7 million USDT, 97 million Shiba Inu tokens and 1,378 ETH which was quickly converted to ether.
M2’s quick response was to recover funds and add additional access controls to prevent future incidents.
Cyvers Identifies Rising Vulnerability of Crypto Exchanges
Cyvers involvement in the M2 breach has highlighted the growing vulnerability of centralized finance (CeFi) to cyber attacks. While DeFi has seen a 25% decrease in losses, CeFi has seen a 1000% increase in breaches in the last year according to Cyvers.
Notable incidents include the $305 million DMM hack and the $235 million WazirX heist which has raised concerns about the security gaps in the industry.
Cyvers said centralized exchanges are most vulnerable to access control violations which was the primary method of exploit in the M2 breach.
The firm advised exchanges to strengthen access controls, implement real time monitoring and conduct regular security audits.
- Growing Risks: Centralized exchanges saw a 1,000% increase in attacks.
- Notable Breaches: High-profile incidents include DMM’s $305M and WazirX’s $235M hacks.
- Cybersecurity Measures: Enhanced controls recommended for CeFi platforms.
Security Recommendations for Crypto Exchanges
n light of the breach, Cyvers has advised cryptocurrency exchanges to adopt a multi-layered security strategy to protect user assets. Key recommendations include:
- Enhanced Access Controls: Strict authentication protocols to prevent unauthorized access.
- Real-Time AI Monitoring: Immediate detection of suspicious activities.
- Regular Security Audits: Comprehensive reviews to identify vulnerabilities.
- Incident Response Plan: Preparedness for rapid action in case of a breach.
- Cybersecurity Insurance: Financial backup to cover potential losses.
These measures, Cyvers argues, are crucial for building resilience against the increasing number of cyber threats targeting the industry. Additionally, staying updated with regulatory requirements and educating employees and users on security practices can further mitigate risks. For exchanges like M2, investing in advanced security infrastructure is essential to retain investor confidence and ensure long-term operational stability.
In conclusion, the M2 Exchange breach serves as a stark reminder of the cybersecurity challenges in the crypto sector. While M2’s swift response limited the damage, the incident highlights the critical need for proactive security measures to protect user funds in a rapidly evolving threat landscape.
In light of the breach, Cyvers has advised cryptocurrency exchanges to adopt a multi-layered security strategy to protect user assets. Key recommendations include.