As long-time advocates of index funds and passive investing strategies, we have urged investors to be wary of speculative fads like cryptocurrencies that promise unrealistic returns. The recent hack of decentralized exchange FixedFloat, resulting in the theft of $26 million worth of Bitcoin and Ethereum, underscores the stark risks behind the hype.
FixedFloat bills itself as a 'non-custodial' platform where users retain control of their private keys. However, this hack demonstrates that even without taking custody of funds, exchanges remain vulnerable to security failures that put customer assets at risk.
According to FixedFloat, 'vulnerabilities and insufficient protection' enabled the breach. While they claim to be fixing issues, the opaque nature of blockchain exploits means vulnerabilities likely persist not just on this platform but across the industry.
We reached out to FixedFloat for comment before publishing this article but received no response. However, the company did post the following statement on its X (formerly Twitter) account:
We are ready to answer some questions from journalists regarding the hacking incident and provide our comments. Please contact us by e-mail pr@fixedfloat.com
— FixedFloat⚡️ (@FixedFloat) February 19, 2024
Of course, a disclaimer: while this offer appears open on the surface, substantive transparency requires detailed public disclosure instead of private Q&As. That said, this is far better than most disclosure policies.
As industry outsiders, we believe overconfidence in the security and control of cryptocurrency has blinded enthusiasts to the very real risks. Personal responsibility can only go so far when complex cryptography that few comprehend enables theft. Where can users turn for recourse when Bitcoins vanish?
Law enforcement lacks specialized expertise to trace stolen funds or prosecute crimes across decentralized networks. Perhaps the biggest illusion is that being 'non-custodial' fully empowers the individual. In practice, retail investors depend heavily on platforms and developers to provide robust security they may not fully grasp. Caveat emptor remains the rule in these digital Wild West markets.
What lessons emerge from this mess? First, timeless investing principles around transparency and skeptical inquiry should give investors pause before allocating hard-earned savings to opaque assets prone to hacking, fraud or simple code failure. Second, sustainable investing requires balancing risks against reasonable expectations of return over the long term.
Based on past crashes, most well-regarded investing gurus anticipate that a further cryptocurrency reckoning lies ahead for starry-eyed speculators lured by promises of exponential gains. For those determined to experiment in this volatile territory, we strongly urge allocating only discretionary funds one can afford to lose outright. The FixedFloat debacle serves as a wake-up call: ignore sensible risk management at your own peril.
Disclaimer: the author of this post has no positions in the company mentioned but does have cryptocurrency holdings.
Update: In response to our efforts to understand the recent hack, decentralized cryptocurrency exchange FixedFloat has helpfully provided answers to initial questions related to the security breach. In their responses, FixedFloat confirms external attackers were able to exploit vulnerabilities to access internal systems and steal exchange-owned funds not belonging to user wallets. After detecting unauthorized activity, the team worked swiftly not only to contain the breach but also to eliminate weaknesses before making broader statements, as they prioritized restoring protections. FixedFloat indicates they now aim to resume platform operations within days as they cooperate with authorities to trace missing assets. While avoiding specifics, they reaffirm commitments to security enhancements and future auditing.