
M2 Exchange: Unraveling the $13.7 Million Breach

M2 Exchange's $13.7 Million Security Breach: An In-Depth Analysis of the Attack, Recovery Efforts, and Ongoing Concerns Over Asset Safety and Regulatory Compliance in the Cryptocurrency Market


TL;DR

M2 Exchange experienced a significant security breach, resulting in the theft of $13.7 million across Ethereum, Bitcoin, and Solana. While the exchange quickly reported a resolution and pledged to restore customer funds, concerns remain regarding the untouched stolen assets and the effectiveness of their security measures.


M2 Exchange, based in the UAE, faced its own “Halloween horror” this year with a $13.7 million security breach. Unlike typical cases, however, the exchange announced the incident only after they had successfully recovered the stolen funds.

The platform, located in Abu Dhabi, reported that it had detected and resolved the breach in just 16 minutes, a rapid response seldom seen in such cases.

Blockchain analyst ZachXBT later confirmed that the attack had affected assets across Ethereum, Bitcoin, and Solana networks.

M2 Exchange’s unusual decision to publicly disclose the hack after recovering the funds raises questions. Was this transparency — or a way to keep certain details in the shadows?

In the early hours of October 30th, Cyvers' AI-powered monitoring system detected unusual activity spreading across Ethereum, Solana, and Bitcoin chains.

Suspicious transactions were swiftly flagged, but the alert reportedly went unnoticed, buried within M2 Exchange’s LinkedIn messages.

M2’s initial statement provided few details, leaving the true cause obscured.

However, a more thorough investigation by Hacken revealed the root issue: an access control breach.

Hacken's in-depth analysis exposed the precise tactics behind the attack, shedding light on the calculated approach used to infiltrate M2’s systems.

As midnight approached, M2 Exchange’s hot wallet (0xE26abc37b06B819243B4B104270Cc18f7C835FcE) began hemorrhaging funds.

The assets initially moved to an external wallet (0xb5f798096bd4D969466E2284Bda01F7A51049d3A) before being transferred to another address (0x968b6984cba14444f23ee51be90652408155e142) for wider distribution.

The attack spanned three chains, with Ethereum taking the hardest hit. Around $10.1 million in assets were drained, including:

  • 97 million $SHIBA tokens

  • $3.7 million in $USDT

  • 1,378 $ETH

These assets were quickly converted into ETH, revealing a carefully executed strategy to consolidate the stolen funds.
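The drain pattern described above (several different assets leaving the hot wallet for one unfamiliar address, then moving on to a second address) is something a withdrawal monitor can flag. The following is an added example, not code from M2, Cyvers, or Hacken: the rule, its thresholds, the timestamps, and the `KNOWN` and `USER` addresses are assumptions constructed for illustration, while the three wallet addresses and drained amounts are those quoted in this article.

```python
from collections import defaultdict

# Addresses as reported in the article, normalised to lowercase.
HOT = "0xE26abc37b06B819243B4B104270Cc18f7C835FcE".lower()
EXT = "0xb5f798096bd4D969466E2284Bda01F7A51049d3A".lower()
DIST = "0x968b6984cba14444f23ee51be90652408155e142"
KNOWN = "0x" + "11" * 20   # constructed: allowlisted withdrawal address
USER = "0x" + "22" * 20    # constructed: ordinary customer withdrawal

# Constructed records (ts_seconds, src, dst, asset, amount). Timestamps and
# the two small withdrawals are invented; drained amounts follow the article.
TRANSFERS = [
    (0, HOT, EXT, "USDT", 3_700_000),
    (30, HOT, KNOWN, "ETH", 2),
    (60, HOT, EXT, "SHIBA", 97_000_000),
    (120, HOT, EXT, "ETH", 1_378),
    (200, HOT, USER, "USDT", 500),
    (900, EXT, DIST, "ETH", 1_378),
]

def detect_drain(transfers, hot, allowlist, window=600, min_assets=2):
    """Flag non-allowlisted destinations that receive >= min_assets distinct
    assets from the hot wallet within `window` seconds."""
    by_dest = defaultdict(list)
    for ts, src, dst, asset, _ in sorted(transfers):
        if src == hot and dst not in allowlist:
            by_dest[dst].append((ts, asset))
    alerts = {}
    for dst, events in by_dest.items():
        start = 0
        for end, (ts, _) in enumerate(events):
            while ts - events[start][0] > window:
                start += 1          # slide the window forward
            assets = sorted({a for _, a in events[start:end + 1]})
            if len(assets) >= min_assets:
                alerts[dst] = (ts, assets)  # time the rule first trips
                break
    return alerts

def trace_onward(transfers, start, max_hops=2):
    """Breadth-first walk of outgoing transfers; returns {address: hop}."""
    seen, frontier = {start: 0}, {start}
    for hop in range(1, max_hops + 1):
        nxt = {d for _, s, d, _, _ in transfers if s in frontier and d not in seen}
        seen.update({d: hop for d in nxt})
        frontier = nxt
    return seen
```

On the constructed records, the rule trips on the second asset sent to the external wallet and ignores the single-asset customer withdrawal; `trace_onward` then lists the distribution address as the next hop to watch.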

In Bitcoin's domain, 41 BTC (valued at $2.87 million) disappeared into private addresses.

Meanwhile, additional assets were routed through Solana, though tracking these funds has proven challenging due to limited visibility on the chain.

The primary addresses associated with the attacker are as follows:

Currently, the stolen funds are stored in two main wallets:

In response, M2 Exchange quickly issued a statement, claiming they detected, addressed, and resolved the multi-chain breach within an impressive 16 minutes.

M2 Exchange’s rapid response was remarkable, akin to a Houdini-level escape.

In their security update, the exchange announced, “The situation has been fully resolved and customer funds have been restored.”

They reassured users by stating they had “taken full responsibility for any potential losses” and highlighted their “unwavering commitment to safeguarding customers’ interests.”

Yet, the statement felt somewhat vague, offering reassurances of restored services and enhanced security controls without providing details about the exact cause of the breach.

M2 closed by promising cooperation with “relevant legal and regulatory authorities,” although how effectively Abu Dhabi regulators can track down digital attackers remains uncertain.

The speed of M2’s “exorcism” of its own systems raises a question: did they truly eliminate every threat or only the visible ones?

As the aftermath of this Halloween incident unfolds, M2’s narrative reveals cracks that raise concern.

Their claims of a rapid recovery seem hollow, with approximately $13 million still sitting untouched in the attacker’s wallets—assets left dormant, reminiscent of a haunted house left eerily lit.

The speed of their response and their eagerness to downplay the situation suggest a narrative that might have been prepared in advance.

In contrast to typical crypto breaches, where victims are vocal and attackers vanish, M2 appears surprisingly at ease with the consequences of this incident.

When an exchange insists it has recovered from a breach while the stolen assets remain visible, it prompts critical questions: in this unsettling scenario, who truly controls the fate of these digital assets?
