On November 2nd, 2022, Deribit Exchange’s hot wallet was compromised. Client funds are safe as the loss will be covered by company reserves. A private key leak may have led to the loss of ~$28m in USDC, ETH and BTC across the Ethereum and Bitcoin chains. This is the third largest private key compromise of 2022.
On Nov 2nd, 2022 an announcement was made by Deribit Exchange stating that their hot wallets were compromised. The loss will be covered by company reserves. The company claims to keep “99% of…user funds in cold storage to limit the impact of these types of events”.
Withdrawals were temporarily suspended, and a later update informed users that on-chain deposit addresses for BTC, ETH and USDC would have to be regenerated; previous deposit addresses would no longer be valid.
They announced that the insurance fund will not be impacted, that all losses would be covered by the insurance fund, and that ongoing operations will not be impacted either.
Deribit Exchange worked towards opening regular on-chain withdrawals later in the day. Withdrawals via third-party custodians Copper Clearloop and Cobo were re-enabled first, and Deribit re-opened regular withdrawals for BTC, ETH and USDC after that. Deribit also migrated all of its hot wallets to Fireblocks, which resulted in Deribit deposit addresses being renewed and old deposit addresses removed.
A private key leak has led to the loss of ~6,947 Ether, ~$3,394,823 USDC and ~691 Bitcoin, for a total of roughly $28 million USD.
Deribit Hotwallet (ETH Compromised):
Deribit Hotwallet (Bitcoin Compromised):
Deribit Hotwallet Exploit2(ETH):
Deribit Hotwallet Exploit(ETH):
Deribit Hotwallet Exploit(Bitcoin):
The combined stolen Bitcoin and ETH assets are worth roughly $28 million USD (~6,947 Ether, ~$3,394,823 USDC and ~691 Bitcoin). The stolen assets are still in 0xb0606...(ETH) and bc1qw5g...(Bitcoin) at the time of writing this report (2022-11-02 08:39:11 UTC).
Two days after the Deribit incident, the hacker started moving funds via Tornado Cash (see https://etherscan.io/address/0xb0606f433496bf66338b8ad6b6d51fc4d84a44cd). The attacker moved 1,610 ETH in 17 transactions; 16 of the transactions moved 100 ETH each, while the remaining transaction moved just 10 ETH. The attack against Deribit Exchange was the 3rd largest wallet compromise this year.
Deribit Exchange later announced that it is now impossible for any hacker to withdraw any funds from a hot wallet because doing so now requires additional human verification. Deribit believes this is the best approach moving forward to ensure that no further attacks will occur.