Altilly

On December 23, 2020, Altilly, a Sweden-based unregulated cryptocurrency exchange, was hacked, resulting in the theft of approximately $1 million, including 30 BTC and 12,000 USDT, as reported in the provided article. Detected at 00:00 UTC, the attacker gained unauthorized access to Altilly’s servers via an unsecured hosting provider account lacking 2FA, created in 2018, which allowed admin-level control and access to hot wallets, per the article. The attacker rebooted servers in rescue mode, created a new system user, and deleted backups using compromised API keys, rendering funds in encrypted wallets inaccessible, per Reddit (r/Bitcoin). Altilly, with $4.7 million daily trading volume and 65,000 users per BeInCrypto, lost server access, including databases and wallets, and shut down, per Cryptowisser.

The Qredit team, which acquired Altilly in 2019, promised to repay users within six months using profits from unrelated projects, requiring claims by February 26, 2021, but many users reported non-delivery, per Trustpilot. No funds were recovered, though Altilly monitored stolen asset addresses and reported the breach to Swedish authorities, per the article. One of 208 crypto hacks in 2020 costing $3.7 billion, per Chainalysis, this incident, alongside ETERBASE’s $5.1 million loss, highlighted hot wallet and hosting vulnerabilities, fueling calls for offline storage, robust 2FA, and secure backup protocols to protect crypto platforms.