Bilaxy Exchange Suffers Security Breach with a Loss of $21 Million

Summary

On August 28, 2021, Bilaxy, a Seychelles-based centralized exchange, experienced a security breach, resulting in a loss of approximately $21 million. The attacker compromised Bilaxy’s hot wallet and transferred roughly 300 tokens, including notable cryptocurrencies such as USDT, USDC, UNI, and Bilaxy Token(BIA), among others. As of August 16, 2023, the attacker still controls various tokens worth roughly $3,628,005.

Attackers

The identity of the attackers remains unknown. The funds were transferred to the following address:

Losses

The total loss from this security breach amounts to approximately $21 million.

Timeline

Security Failure Causes

  • Private Key Compromise: The attack was facilitated through a compromise of Bilaxy’s hot wallet, allowing the attacker to gain control over various assets.
  • Insufficient Security Measures: Bilaxy’s lack of focus on security, insufficient blockchain monitoring, absence of two-factor authentication (2FA) in some layers of the protocol, and overall lack of transparency.