Lykke cryptocurrency exchange has halted withdrawals after suffering an exploit on June 4, according to a June 10 social media announcement. The exchange claimed that users’ funds “are safe and will be recovered.”
According to the post, both Lykke UK and Lykke Corp AG were affected by the attack.
In another post in the same thread, the exchange stated that withdrawals have been paused “as a preventative measure.”
Lykke is a centralized cryptocurrency exchange launched in 2015 and based in Switzerland. On its website, it advertises itself as a “no fee crypto exchange” and claims to have evolved from a “prominent forex broker.”
Blockchain security researcher SomaXBT claimed to have discovered the attack on June 9. They accused the team of attempting to hide the security breach, stating “@lykke CTX got exploited and lost $19.5 million worth crypto assets but team still trying to hide this fact.” In a reply to their own post, SomaXBT provided a screenshot of a Discord message reportedly from the team. The message stated that the exchange was “performing an unscheduled full system maintenance!”
On June 8, one Lykke user complained on X that the exchange was not working and that there were rumors that it had been hacked.
Magazine: Crypto exposes sudden rift among Democrats months ahead of election
In the June 10 post acknowledging the attack, the team expressed apologies to affected users. “We deeply apologize for the inconvenience and concern this attack has caused all affected clients and partners,” it stated. The team said the exchange possesses “solid capital reserves and a diverse portfolio,” which will allow it to weather any potential losses from the attack, making client funds “safe.”
The exchange also claimed that it has discovered the IP addresses of the attacker, which it will use for a criminal investigation, and that a cybersecurity team has been hired to work on “blocking and recovering the stolen assets.” more than $22 million was lost in the attack, according to the team’s estimates.
Blockchain researchers continue to discover unacknowledged exploits against centralized exchanges. On April 19, on-chain sleuth ZachXBT announced that Rain exchange had been hacked two weeks earlier for $14.1 million. Rain later acknowledged the attack, stating that no customer funds had been lost, as it had “plugged the hole immediately from its own reserves.”
Related: Japanese exchange DMM loses $305M in Bitcoin via private key hack