In the latest sign that crypto hackers are exploiting private keys, Lykke, a UK-based crypto exchange, shut down trading on June 6, citing “unauthorised access” to its platform.

The closure came two days after the exchange was hacked, according to SomaXBT, a web researcher, who first reported the incident.

The exchange has sustained $22 million in suspicious outflows, said Taylor Monahan, a MetaMask developer and crypto defence expert.

Unable to withdraw

Lykke recorded $2.5 million in cumulative volume in the last month. Its users are currently unable to withdraw their assets from the platform with several of them stating their account balances have been emptied ― another sign the exchange may have been hacked.

Half of the sum was in Bitcoin, and the rest was a mix of Ether, Litecoin, and Bitcoin Cash, according to onchain data.

Onchain data also shows the Ether withdrawn from the exchange was immediately swapped to the DAI stablecoin, which MakerDAO issues.

At the same time, the stolen Bitcoin has been divided among several wallets — a common tactic hackers employ to obscure the transaction trail when they try to launder the stolen funds.

The exchange has largely been mum about the incident. On June 6, b Lykke CEO Richard Olsen apologised for the platform’s downtime in an email sent to customers.

Security incident

“We are still investigating the causes of this security incident,” Olsen said in the email seen by DL News.

“In the meantime, you can rest assured that your funds are safe,” Olsen said. “Lykke is a diversified business with strong capital reserves.”

The exchange’s website currently displays a message saying the platform is “under maintenance following security” and will remain “inactive under further notice.”

Lykke did not immediately respond to DL News’ requests for comment.

Lykke is the second crypto exchange to be hacked in the last two weeks after DMM Bitcoin saw $320 million stolen from its platform on May 31.

Private key leakage

With 2024 almost halfway done, crypto theft this year has crossed $582 million, DefiLlama data shows.

That figure exceeds the $433 million recorded in the first half of last year.

Most of the biggest hacks this year have been due to private key leakage ― a security problem identified by cybersecurity outfit Cyvers as a potential major concern for crypto companies.

Private keys function like passwords and they control access to crypto wallets. If hackers gain control of a crypto company’s private keys, they can syphon all the funds it keeps in the affected wallets.

Last year, Cyvers’ research revealed that 85% of the $900 million stolen from exchanges, bridges and DeFi protocols in the latter half of the year were due to private key leakage.

Cyvers co-founder Meir Dolev previously told DL News the problem could become more endemic to crypto if industry participants did not adopt safety measures.

The DMM Bitcoin hack, this year’s largest crypto theft to date, has been attributed to private key leakage.

Onchain sleuths say Lykke’s security breach bears similar hallmarks.

Osato Avan-Nomayo is our Nigeria-based DeFi correspondent. He covers DeFi and tech. To share tips or information about stories, please contact him at osato@dlnews.com.