XT Exchange

In November 2024, XT Exchange, a Seychelles-based centralized cryptocurrency exchange (CEX), suffered a hack that resulted in the theft of approximately $1.7 million in user funds. The attacker compromised the exchange’s hot wallet, likely by gaining access to a private key—an all-too-common vulnerability in centralized exchange breaches.

The stolen assets, comprising 12 different tokens, were swiftly swapped for 461.58 ETH. Upon detecting the breach, XT Exchange froze all withdrawals and initially claimed the suspension was due to routine maintenance and wallet upgrades.

However, the exchange later acknowledged the unauthorized transfers and confirmed the hack. XT Exchange assured users that it maintains reserves worth 1.5 times the value of all user deposits, emphasizing that customer funds remained secure despite the incident.

This breach highlights the critical importance of safeguarding private keys in blockchain systems and reinforces the need for stronger security measures such as multi-signature (multi-sig) or multi-party computation (MPC) wallets. Ultimately, the hack underscores persistent concerns over centralized exchange vulnerabilities and the necessity for transparency and proactive security protocols to maintain user trust.