UAE-based cryptocurrency exchange M2 suffered a loss of $13.7 million in digital assets due to a serious security breach.
The exchange said in a statement on November 1 that the incident occurred around 3:16 a.m. on October 31, and that although its team responded quickly to the attack, the breach still resulted in significant asset loss.
The exchange provided limited details about the breach, but blockchain security firm Cyvers said the theft occurred from three addresses on the Bitcoin, Ethereum, and Solana networks.
Cybers explained that he received approximately $3.7 million in USDT, $97 million in SHIB, and 1,378 ETH from a suspicious address. This address converted all of these assets to ETH, with an estimated loss of approximately $13 million. There are currently $10 million remaining on the Ethereum network.
However, M2 assured customers that the situation has been resolved and all affected funds have been fully restored. In the resolution, the company said its services are operating as usual and have been strengthened with enhanced security controls.
M2 also took full responsibility for any potential losses and emphasized its commitment to protecting its customers by cooperating closely with investigating authorities. It said:
“We are actively working with relevant legal and regulatory authorities to ensure this matter is dealt with thoroughly and appropriately.”
CEX exploits on the rise
Cybers commented. CryptoSlate This attack is part of a worrying trend of increasing cryptocurrency security breaches.
According to the company, cryptocurrency projects lost more than $2 billion due to hacks in the first three quarters of 2024 alone, surpassing all of 2023 and representing a 72% year-over-year increase.
Cybers noted that security incidents have surged nearly 1,000% year over year on centralized finance (CeFi) platforms, while losses have decreased by 25% on DeFi platforms. However, due to the complexity of smart contracts and protocols, they are still at risk.
This led the company to recommend that cryptocurrency projects implement robust security measures, including advanced access controls, AI-based real-time monitoring, regular audits, threat detection systems, and clear incident response plans.