Root-cause analysis not yet published. The incident description below contains all currently available signal — review the attack transaction directly for definitive forensics.
The INX Digital Company, a security token and digital asset trading platform, announced that on December 20, 2023, it learned of a cyberattack that occurred on the computer systems of a third-party vendor providing services to one of the Company's subsidiaries. As a result, a malicious actor managed to access the third-party vendor's servers and executed unauthorized trades which resulted in a loss of funds of the Company's subsidiary of approximately $1.6 million. The Company took immediate actions to remediate the security vulnerability and to investigate the nature and scope of the incident. The Company also notified relevant law enforcement in the appropriate jurisdictions and is working with the affected trading venue to investigate this incident and take appropriate legal action. INX customers were not affected by the incident, and the security breach at the third-party provider did not have any impact on the platforms and servers of INX. No personal information or other data of INX's customers was compromised, and INX.One remains fully operational. Attack method (per SlowMist): Third-party Vulnerability. Reported loss: $ 1,600,000.
- chain
- —
- protocol
- INX
- bug_class
- infrastructure
- date_occurred
- 2023-12-20
- loss_usd
- $1,600,000
- source_id
- sm:inx::2023-12-20