FixedFloat, a non-custodial crypto exchange that facilitates an automated exchange of cryptocurrencies, appears to have been hacked for $26.1 million over the weekend.

On-chain data shows that a suspicious address drained 409 Bitcoin, worth $21.1 million at the time, from the platform. On the Ethereum blockchain, an attacker appears to have drained 1,728 Ether, worth around $4.85 million, from FixedFloat to another address.

On Feb. 17, a number of users took to X to complain that transactions were not being processed on FixedFloat. At the time, the team behind the exchange attributed this to “minor technical problems” and said that the platform had been switched to maintenance mode. 

The team later confirmed that an exploit had taken place, but said that they were not yet ready to make public comments on the matter.

Blockchain security researchers have found that the attacker has started laundering funds through crypto exchanges and HitBTC.

Interestingly, FixedFloat itself has often been the tool of choice for hackers looking to launder funds, given the fact that it does not require users’ registration or Know Your Customer (KYC) verifications.

In October, a hacker stole around $3 million worth of Avalanche’s native token AVAX from the Web3 social media app Stars Arena and transferred the funds through FixedFloat. However, the platform has also thwarted the efforts of some exploiters in the past, freezing $200,000 worth of ETH from the Curve Finance hacker in 2022.