Key Takeaways
- The attackerโs wallet reportedly received approximately $3.7 million in USDT, 97 million SHIB tokens, and 1,378 ETH.
- M2 announced that all affected customers had been fully reimbursed.
Leading Abu Dhabi-based crypto exchange M2 suffered a major security breach on October 31, resulting in the loss of $13.7 million in various digital assets, including Bitcoin (BTC), Ethereum (ETH), and Solana (SOL).
The hack, which took place at approximately 3:16 a.m., saw attackers gain access to M2’s hot wallets, exploiting vulnerabilities to drain funds across several digital assets. Despite the attack, M2 moved quickly to contain the damage, announcing on November 1 that affected customers had been fully reimbursed.
In a statement, M2 confirmed that it โswiftly respondedโ to the breach within 16 minutes, restoring operations and bolstering security measures to protect customer assets. Although M2 refrained from revealing the exact nature of the hack, blockchain security firm Cyvers provided additional insights, noting that three wallets on the Bitcoin, Ethereum, and Solana networks were compromised.
M2 has taken steps to fortify its systems but has not disclosed specifics on the “enhanced security” measures implemented following the hack. In its latest security update, the exchange reaffirmed its dedication to โupholding the highest standards of security and complianceโ while adding that its committed to safeguarding customer assets as it works alongside authorities to conclude the investigation.
The attackerโs wallet reportedly received approximately $3.7 million in Tether (USDT), 97 million Shiba Inu (SHIB) tokens, and 1,378 Ethereum (ETH). These assets were rapidly converted into ETH, and an estimated $10 million remains on the Ethereum blockchain.
M2 assured its clients that it had โtaken full responsibility for any potential lossesโ and stated that all customer funds had been fully restored, with trading and withdrawal services now running as usual. In its November 1 statement, M2 also confirmed close cooperation with relevant legal and regulatory authorities in Abu Dhabi to thoroughly investigate the incident.
According to Cyvers, centralized finance (CeFi) platforms like M2 have seen a nearly 1,000% rise in security breaches year over year. In contrast, decentralized finance (DeFi) platforms reported a 25% decrease in losses. However, complex smart contracts in DeFi still present substantial risk.
The breach comes amid a surge in global crypto-related hacks. In October, Web3 security firm CertiK released a report revealing that $750 million in crypto assets had been lost to hacks in Q3 2024 alone, pushing the yearโs total losses from crypto hacks to over $2 billionโa 72% increase compared to the previous year.
Founded in November 2022, M2 operates out of Abu Dhabi, co-founded by Phoenix Group CEO Bijan Alizadeh Fard and Stefan Kimmel, a former executive with Kraken MENA and the Commercial Bank of Dubai.