Skip to main content
Sign in
FixedFloat1 decision on this page

Audit log

Every state-changing event for FixedFloat: moderation decisions on community submissions, plus corrections and updates from the news pipeline. URL-based decisions carry three independent witnesses — the original source, an Internet Archive snapshot taken at submission time, and a Solana memo signed by our publicly-disclosed publisher key.

  1. #1publishby system:backfill
    2026-05-19 20:59:38Z
    Score: ?? (no score change)
    anchoranchored
    chain
    mainnet-betaslot 420,846,228
    sig
    2FZyj3oQQuQx…9j7ffsVQexplorer ↗
    hash
    GSbKqpnRbdxz…z457YMEhsha256 → base58
    verifying row…full verify ↗
    canonical bytes (5881 B) ▸
    {"actor":"system:backfill","investigation_id":"6ac80542-8508-4b75-aa70-eaabfed272e6","kind":"publish","page_slug":"fixedfloat","published_at":"2026-05-19T20:59:37.948Z","sequence_num":1,"snapshot":{"content_type":"investigation","entity_name":"FixedFloat","sections":[{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"","type":"other","url":"https://u.today/fixedfloat-introduces-multi-blockchain-noncustodial-exchange-with-no-kyc-review"},{"credibility":3,"name":"","type":"other","url":"https://ff.io/faq"},{"credibility":3,"name":"","type":"other","url":"https://kycnot.me/service/fixedfloat"}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"","type":"other","url":"https://decrypt.co/218077/fixedfloat-hack-26-million-bitcoin-ethereum"},{"credibility":3,"name":"","type":"other","url":"https://unchainedcrypto.com/crypto-exchange-fixedfloat-hacked-for-26-million-in-bitcoin-ether/"},{"credibility":3,"name":"","type":"other","url":"https://www.cryptotimes.io/2024/04/02/fixedfloat-hit-by-2-8-million-crypto-hack-again/"},{"credibility":3,"name":"","type":"other","url":"https://cryptoslate.com/fixedfloat-reportedly-suffers-2-8-million-theft-tether-blocks-400000-from-attackers/"},{"credibility":3,"name":"","type":"other","url":"https://ff.io/en/blog/news/reasons-for-hacking"},{"credibility":3,"name":"","type":"other","url":"https://www.bankinfosecurity.com/cryptohack-roundup-26m-fixedfloat-hack-a-24424"},{"credibility":3,"name":"","type":"other","url":"https://www.halborn.com/blog/post/explained-the-fixedfloat-hack-february-2024"}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"","type":"other","url":"https://medium.com/coinmonks/fixed-float-exploit-tracing-the-26-million-lost-to-the-hack-25fda467b577"},{"credibility":3,"name":"","type":"other","url":"https://www.elliptic.co/blog/the-rise-and-fall-of-exch-the-dark-service-used-by-north-korea-to-launder-200-million-stolen-from-bybit"},{"credibility":3,"name":"","type":"other","url":"https://cointelegraph.com/news/germany-seizes-38-million-crypto-bybit-hack-linked-exch"},{"credibility":3,"name":"","type":"other","url":"https://www.coindesk.com/markets/2024/04/02/bitcoin-lightning-exchange-fixedfloat-sees-suspicious-transfers-of-3m-to-ethereum-tron"},{"credibility":3,"name":"","type":"other","url":"https://medium.com/sentinel-protocol/the-fixedfloat-april-hack-comprehensive-analysis-and-insights-9bac2e2ca61d"}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"","type":"other","url":"https://u.today/fixedfloat-introduces-multi-blockchain-noncustodial-exchange-with-no-kyc-review"},{"credibility":3,"name":"","type":"other","url":"https://ff.io/en/blog/news/reasons-for-hacking"},{"credibility":3,"name":"","type":"other","url":"https://www.halborn.com/blog/post/explained-the-fixedfloat-hack-february-2024"}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"","type":"other","url":"https://beincrypto.com/fixed-float-two-hacks-survival-story/"},{"credibility":3,"name":"","type":"other","url":"https://coinpedia.org/press-release/fixedfloat-exchange-statement-on-security-breaches-and-future-enhancements/"},{"credibility":3,"name":"","type":"other","url":"https://www.trustpilot.com/review/ff.io"},{"credibility":3,"name":"","type":"other","url":"https://kycnot.me/service/fixedfloat"},{"credibility":3,"name":"","type":"other","url":"https://ff.io/en/blog/news/reasons-for-hacking"}]}],"sources_used":[],"summary":"FixedFloat (ff.io) is a non-custodial, no-KYC cryptocurrency swap exchange launched in 2018 that suffered two confirmed security breaches in 2024 totaling approximately $28.9 million in stolen assets. Both attacks were attributed to the same threat actor exploiting vulnerabilities in FixedFloat's third-party hosting provider, Time4VPS, and stolen funds were routed through the eXch mixer — a service subsequently shut down by German authorities for laundering proceeds from major crypto thefts. The platform resumed operations after a two-month suspension but has faced ongoing scrutiny for its anonymity-first model, opaque team structure, and inadequate incident disclosure.","timeline":[{"date":"2018-01-01","event":"FixedFloat launches as a non-custodial, no-KYC cryptocurrency swap exchange.","source":""},{"date":"2024-02-16","event":"First breach: 409.304 BTC and 1,728.48 ETH (approximately $26.1 million) drained in under 45 minutes across nine transactions. Platform enters maintenance mode.","source":""},{"date":"2024-02-18","event":"FixedFloat publicly confirms the hack, attributing it to 'vulnerabilities and security gaps in its infrastructure.' Stolen Ethereum funds traced to eXch mixer by PeckShield.","source":""},{"date":"2024-03-31","event":"Alleged same attacker gains unauthorized access to all FixedFloat servers still hosted at Time4VPS.","source":""},{"date":"2024-04-01","event":"Second breach: approximately $2.8 million drained from FixedFloat's Ethereum hot wallet. Attacker locks FixedFloat out of Time4VPS account by changing recovery email.","source":""},{"date":"2024-04-02","event":"Cyvers alerts community to suspicious FixedFloat transactions. CoinDesk and CryptoSlate report the second hack. Tether freezes approximately $400,000 in attacker-linked USDT.","source":""},{"date":"2024-04-30","event":"German authorities (BKA/ZIT) shut down eXch — the primary laundering destination for FixedFloat's stolen Ethereum — seizing approximately $38.5 million in crypto assets.","source":""},{"date":"2024-06-01","event":"FixedFloat resumes operations after approximately two-month suspension, claims infrastructure migrated away from Time4VPS and security improvements implemented. Attributes both hacks to Time4VPS vulnerabilities in official statement.","source":""}]},"v":1}
    Verify offline (run on your own machine)
    python -m src.verify_decision 08fbd7ec-9043-4afc-b1ef-237c286d10d2
How verification works. The “Row integrity” check above is computed in your browser — your machine recomputes the SHA-256 of the canonical bytes and compares against the stored hash. No avoid.net server can fake that check. The “full verify” link goes one level deeper: your browser fetches the on-chain transaction from a Solana RPC node and confirms the same hash is in the memo. If you don’t want to trust either avoid.net or the public RPC, run the CLI verifier on your own machine — python -m src.verify_decision <event_id>.