Back to main pageIncident and Activity Report I
- Date
- 21/06/2024
- Share
Incident
On June 4th, 2024, Lykke UK, Lykke Corp AG, Lykke Services AG and Open Chain AG suffered an attack on their operational infrastructure of exchange and custody. As the re- sult of the breach in the Lykke Exchange infrastructure the accounts of Lykke at its liquidity providers B2C2 and LMAX were accessed and nearly all funds from them moved to Lykke’s crypto wallets. Then, crypto wallets of aforementioned companies have been hacked and crypto assets withdrawn.
Withdrawn Funds Breakdown
- Bitcoin (BTC): 158.34 BTC (~$11.3M)
- DAI: 10.5M DAI (~$10.5M)
- Ethereum (ETH): 64 ETH (~$246k)
- Bitcoin Cash (BCH): 982 BCH (~$487k)
- Litecoin (LTC): 2643 LTC (~$225k)
- Total of $22.8M
First Response Actions
- As soon as the attack was detected, the crypto custody solution was shut down to block any transfers. Subsequently other systems that were considered to be affected were shut down as well, which led to a full operational stop of the Lykke exchange.
- An internal investigation was initiated to identify security breaches used by the attackers, attack entry points and source of the attack.
- Further measures had been put in place to secure evidence and traces of the flow of withdrawn funds.
Law Enforcement and External Collaboration
- We contracted Match Systems to assist in blocking and recovering the withdrawn funds. Subsequently addresses with these funds were marked as fraudulent, major exchanges informed.
- A criminal complaint has been filed to authorities. Law enforcement agencies are actively collaborating with Lykke and our assigned partners on the investigation.
- We engaged an external cyber-security consulting company, to collect and secure evidence of the attack in a proper legally defensible way, aid in the internal investigation and later in ensuring security of our systems.
Operational Measures
- Lykke operations remain shut down to facilitate the investigation and ensure security.
- Funding has been secured to ensure the continued functioning of the company.
- Design of the roadmap for revamping the full operation stage by stage has begun.
Ongoing and Next Action Points
- Continue internal investigation and evidence preservation.
- Track and recover the withdrawn funds.
- Secure all systems by changing all exposed internal system keys. There are 1000+ keys of internal doors that have been exposed and need to be changed.
- Review and strengthen our security policies and processes to prevent future incidents.
Warm regards,
Lykke Team
Share this