The crypto exchange M2 reported a hack, which was subsequently recovered. The exploit affected hot wallets with Ethereum (ETH), Solana (SOL), and Bitcoin (BTC).
The crypto exchange M2 reported more than $13.7M lost from its hot wallets. A few hours later, the exchange issued a statement that the funds were recovered. The exploit happened late on October 31, affecting wallets with ETH, SOL, and BTC.
Later, the exchange reported it has made its users whole, without specifying the details of the exploit. M2 is a relatively small exchange, carrying only $32K in daily trades as of November 1. The market operator is based in Abu Dhabi and is a minor addition to crypto activity. M2 has operated for about a year, serving a limited market.
Despite this, the exchange held more than $67M in various assets in its cold wallet, and more than $11.5M in its hot wallet on a total of six chains. M2 supports coins and tokens on Bitcoin, Ethereum, Solana, BNB Chain, Avalanche, Arbitrum, and Polygon. None of the other chains and tokens were affected, though one of the attacker’s wallets contained a suspicious transfer of 97.42B SHIB transferred close to the time of the exploit.
“M2 has taken full responsibility for any potential losses, demonstrating our unwavering commitment to safeguarding our customers’ interests. All services are now fully operational with additional controls in place,” M2 stated hours after the hack.
M2 has not given any more information on how the hack happened, and claimed to have restored the funds in the first minutes after the attack. The exchange did not close its hot wallets for investigation, and continued to pay out withdrawals to other traders.
The exploit at the end of October lined up among the biggest for that month. The hack followed an attempt to divert $20M from the wallets of the US government. Previously, various attacks affected EigenLayer for $5.7M, Radiant Capital’s wallets for more than $50M, and Tapioca Foundation for $4.7M on BNB Chain. Other recent exploits included the malicious token minting from Sunray Finance, a recently launched protocol aiming to build a DEX.
In October, major hacks and exploits exceeded $100M, with more than 20 major exploits.
Exploiter addresses still hold the funds
While M2 stated its depositors are safe, the stolen funds were mostly still held in the hacker’s wallets. The end destination of the exploit were identified by on-chain researcher ZachXBT.
The biggest share of the hack is for Ethereum (ETH), with more than $10.3M held in a single wallet. As of November 1, the funds were not mixed or sent to exchanges. The inflows into the wallet happened in a series of repetitive transactions of either 17 or 42 ETH.
The exploiter also ordered two transactions of BTC, collecting a total of 41 BTC in a single address. The exploiter ordered a smaller transaction of 2 BTC, before adding another one for 29 BTC.
The SOL tokens transferred were moved or swapped for WSOL, and the hacked does not hold them in their balance.
All the blue chip assets flowed out of the hot wallets of M2, potentially pointing to a flaw inherent to exchange accounts. M2 recovered the funds for its customers, so personal balances were not affected. However, the hacker had no problem ordering multiple transactions in the span of a few minutes. M2 does not reveal the exact nature of the hack.
Certik accounts for $115M in October hacks
Hacks and exploits in October remained at a high level, with exploits against both organizations and individual wallets. One of the latest attempts was through Lottie Player, causing websites to display a malicious link to connect wallets.
Certik counted a larger number of exploits, for a total of $115.8M, excluding the latest M2 exploit. Only $245K of the stolen funds were returned in the past month.
According to Certik, exit scams and flash loans accounted for only $2.7M in value lost. More than 127M came from attacking large entities. On average, the past year has seen hacks close to $2B as crypto prices recovered and more coins and tokens were targeted.
