Lykke Exchange under maintenance following security incident. Inactive until further notice. Read updates here.

Frequently asked questions about the security incident

1. Details and Impact of the Security Incident

  • How did they get in?
    The hackers managed to infiltrate vulnerabilities that they detected in Lykke’s operational software systems. Detailed forensics indicate that the theft was executed by a professional external team.
  • Was the hack due to phishing or a direct attack on the system?
    The attack was directly on the system, exploiting its vulnerabilities to invade the Lykke systems and execute the transactions.
  • Which company has been appointed to investigate the hack?
    The investigation of the hack is done with internal resources supported by a reputable external cyber security consulting company. Its name will be disclosed later.
  • Assuming recovery is not successful, which users will be impacted?
    No users will be impacted. Lykke Corp has a strong capital base that will be used to cover the gap. However, this will take time, because the capital is not liquid.
  • What happens to the users' crypto assets in the portfolio?
    The crypto assets as such, as they are displayed in the wallets of the users with backend accounting, are not affected by the hack and remain correct. The theft has impacted the backend operations. The balances of the crypto assets and fiat accounts will be unchanged when the platform is reopened. At this time, market prices updates are frozen and thus unchanged since the hack. As a first step we will bring the price feed up and running so that your portfolio valuations are up to date.
  • Is this related to private wallets or also what we see in the 'portfolio' section?
    The private wallets are not affected. The hack has not impacted the ‘private wallet’ where crypto assets are stored separately directly on the blockchain for each wallet.
  • What is the impact on the trading portfolio on the exchange?
    Crypto assets totaling $22.8 million were stolen. This figure is equivalent to roughly a third of all user funds.

2. Response and Recovery Plan

  • What steps did Lykke immediately take once the hack was discovered?
    The custody system was immediately shut down to prevent further damage. The Lykke Exchange has been placed in maintenance mode since, as operation is not possible without the custody system. An external company, Match Systems, has been contracted to help in the recovery of the withdrawn funds, and all necessary steps have been taken. The Swiss police have been informed and involved in the recovery efforts. Additionally, an internal investigation is ongoing with the assistance of a leading security consulting company.
  • How is Lykke ensuring transparency moving forward?
    Every Friday, Lykke publishes a report detailing the progress made in tracking down the funds, how security improvements are being implemented and steps being taken to relaunch the exchange. These weekly reports will contain information that our users can use to monitor ongoing activities and our risk reduction initiatives. Additionally, town hall meetings will be held whenever significant news or milestones are reached, ensuring the community can ask questions and receive real-time answers and clarifications.
  • How likely is it that the stolen funds will be recovered?
    We have been able to track all the movements of funds and are supported by a strong team. The final outcome is uncertain. Management assumes the worst case scenario: that funds are not recovered. The safety of the funds is ensured. We aim at making rapid progress in making these available to our users as quickly as possible. 
  • Are the hackers' assets frozen, and is there ongoing communication with them?
    The hackers have control over the external wallets where they transferred Lykke’s funds. There is no contact with them. The tokens used by the hacker to store the value of the funds do not have a centralized “freeze” feature enforceable by law enforcement authorities. However, the IP addresses on which the hacker stores the assets have been reported to major exchanges as “stolen funds.” This makes their use more difficult for the hacker.

3. Compensation and User Funds

  • Will Lykke cover the losses for its clients using its own assets?
    Lykke will honour its obligation to every client in the amount of exact assets stored in the user account at the moment of the attack, and which is currently visible in the app. In order to do that Lykke is taking steps to unlock its capital. However, this will take several months. No losses related to market price movements or “lost opportunity” will be covered to clients.
  • How will users be compensated if BTC or other crypto assets were stolen?
    Assets will be returned on a 1:1 basis. So if you had 1 BTC in your portfolio, you will hold 1 BTC when the exchange reopens. We have also announced that we will offer a voluntary compensation scheme to document our aim to have satisfied customers. 
  • What about the impact on users who were unable to trade during the hack?
    We cannot cover any losses caused by users’ inability to close or open trading positions during the exchange’s downtime. We are doing everything possible to bring the system live as quickly as possible. A first step will be real time pricing, followed by a second step where users can manage positions and buy/sell cryptos and fiat. Only later will deposits and withdrawals be enabled when potential vulnerabilities are addressed.
  • When will users be able to withdraw their funds?
    Unfortunately this will be the last step in the recovery process of the exchange and an expected time of the release of funds is not yet known. Lykke’s recovery plan involves several steps: 
    1. Ensure we cover our liabilities, either by recovering the assets or by filling the gap with Lykke Group’s capital reserves. 
    2. Ensure security of operations, which involves finalizing the internal investigation, removing discovered security vulnerabilities, and strengthening system security.
    3. Restoring operations step-by-step, firstly showing users’ positions at current market prices, then enabling trading to allow users to manage their positions, and finally enabling deposits and withdrawals. 
  • Why can't fiat currency be withdrawn now?
    Centralized exchanges like Lykke use an omnibus account, where customer assets are pooled. Crypto and fiat assets from trading activities are managed and warhoused in an integrated backend operating system. We cannot activate withdrawals or deposits for fiat or crypto until all vulnerabilities are fixed.
  • Will users get back their exact crypto assets or fiat equivalents?
    Users will receive their funds back in a 1:1 ratio, meaning that if you had 1 BTC and $1,000 in your portfolio, you will still have access to those identical assets once the Lykke exchange resumes operations.

4. Security and Future Prevention

  • What security measures are being implemented to prevent future hacks?
    We are currently conducting a detailed investigation of all shortcomings and preparing a detailed plan of security measures. Additional information will be provided in future communications.
  • Is Lykke conducting security testing before resuming operations?
    Yes, the Lykke team is conducting a deep internal investigation to identify the security vulnerabilities that were exploited as well as any other points of risk as part of our recovery plan. These vulnerabilities will be removed and overall security of the system will be improved and tested. 
  • What are Lykke's security practices in software engineering?
    Going forward we will report on Lykke’s security practices.
  • Does Lykke have insurance against hacks?
    No, Lykke is not insured against theft of assets, but we have strong capital reserves that will be used to fill the gap, if funds are not recovered. 
  • How well capitalized is Lykke, and can it cover the full $22 million loss?
    Lykke as a group has very strong capital reserves thanks to its diversified and complementary activities, which are now being activated to cover the entire loss.  
  • Will Lykke need to sell parts of its business to cover the losses?
    No, Lykke has no plans to sell any part of its business. Our strong capital reserves will cover the losses. It will take some time to liquidate them however.

5. User Communication and Trust

  • Why was there a delay in informing the users about the hack?
    We apologize for the delay in informing users about the hack. The team focused on immediate damage control. We appreciate your understanding and patience, as we work on improving communication.
  • Will there be a recording of the town hall meeting available for users?
    Yes, it is uploaded on Lykke’s webpage dedicated to the incident. 
  • How can users stay updated on the recovery progress?
    We are sending out updates to all exchange users every Friday. You can find all weekly updates on our webpage dedicated to the incident here
  • How is Lykke planning to restore user trust after the incident?
    We publish a newsletter with the most recent developments every Friday and schedule a town hall meeting whenever there are major new developments. We are very grateful for users' feedback and work collaboratively to address all concerns. We aim to foster peace of mind and rebuild trust.
  • What assurances can Lykke provide to ensure that similar incidents will not occur in the future?
    As we are speaking, we are implementing learnings from this event and we will only go live when potential vulnerabilities are fixed.