M2 Exchange is a cryptocurrency platform based in the United Arab Emirates, providing trading services across various blockchain networks, including Ethereum (ETH), Bitcoin (BTC), and Solana (SOL). On 30 October 2024, the exchange experienced a security breach, resulting in the loss of approximately $13.7 million. The root cause of the incident was traced to an access control vulnerability within the platform’s infrastructure.
Behind the Breach
The breach was facilitated by a flaw in M2 Exchange's access control mechanisms, allowing unauthorised access to the platform’s hot wallets. Hot wallets, which are continuously connected to the internet for transaction purposes, are inherently more vulnerable to attacks than cold wallets. In this instance, the attacker exploited the access control weakness, transferring funds from M2’s hot wallets to external addresses. The assets stolen included 1,378 ETH, 97 million SHIBA tokens, and $3.7 million in USDT, which were swiftly converted to ETH.
Lessons from the Incident
This incident highlights the critical importance of robust access control measures for cryptocurrency exchanges. To mitigate similar vulnerabilities, exchanges should implement multi-factor authentication, conduct regular security audits, and enable real-time monitoring of wallet activities. Additionally, minimising the amount of funds held in hot wallets and storing the majority in cold wallets can substantially reduce the risk of major losses in the event of a breach.
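The real-time monitoring and hot-wallet minimisation recommended above can be sketched as follows. This is an added example, not M2 Exchange's or Rivanorth's code. The record format, wallet label, placeholder addresses, 10-minute window, $250,000 limit and 5% hot-wallet share are all assumptions chosen for illustration.

```python
from collections import deque
from dataclasses import dataclass

@dataclass
class Transfer:
    """Constructed record shape for this example, not any exchange's schema."""
    ts: int       # unix seconds
    wallet: str   # hot-wallet label
    dest: str     # destination address
    usd: float    # value at transfer time

class HotWalletMonitor:
    """Alert on outflows to unknown destinations or above a rolling USD limit."""
    def __init__(self, window_s, limit_usd, allowlist):
        self.window_s, self.limit_usd = window_s, limit_usd
        self.allowlist = set(allowlist)
        self.recent = {}  # wallet -> deque of (ts, usd) inside the window

    def observe(self, t):
        q = self.recent.setdefault(t.wallet, deque())
        q.append((t.ts, t.usd))
        while q and q[0][0] <= t.ts - self.window_s:  # drop expired entries
            q.popleft()
        alerts = []
        if t.dest not in self.allowlist:
            alerts.append("unknown_destination")
        if sum(usd for _, usd in q) > self.limit_usd:
            alerts.append("velocity_exceeded")
        return alerts

def excess_hot_balance(hot_usd, cold_usd, max_share):
    """USD to sweep to cold storage so hot holdings stay under max_share."""
    return max(0.0, hot_usd - max_share * (hot_usd + cold_usd))

# Constructed sample data: placeholder addresses and illustrative thresholds.
COLD = "0xCOLD_SWEEP_PLACEHOLDER"
SAMPLE = [
    Transfer(1000, "eth-hot-1", COLD, 50_000),
    Transfer(1060, "eth-hot-1", "0xUNKNOWN_PLACEHOLDER", 120_000),
    Transfer(1120, "eth-hot-1", "0xUNKNOWN_PLACEHOLDER", 150_000),
    Transfer(5000, "eth-hot-1", COLD, 10_000),
]

def run(transfers, window_s=600, limit_usd=250_000):
    mon = HotWalletMonitor(window_s, limit_usd, allowlist={COLD})
    return [mon.observe(t) for t in transfers]

if __name__ == "__main__":
    for t, alerts in zip(SAMPLE, run(SAMPLE)):
        print(t.ts, t.dest, alerts or "ok")
```

The monitor assumes transfers arrive in timestamp order. In practice an alert would gate or pause signing rather than only log.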
Rivanorth is a cybersecurity company specialising in smart contract audits and 360-degree security services for Web3.