- Rain says customer funds ‘secure’
- Stolen funds converted to Bitcoin
- Compliance with standards ‘insufficient’
Rain, a cryptocurrency exchange regulated in both the UAE and Bahrain, has confirmed a serious hack resulting in losses reportedly nearing $15 million.
The exchange said in a statement on its website on Tuesday that customer funds remain secure despite the incident.
The security breach occurred on April 29 and was first detected by blockchain expert ZachXBT, who observed suspicious outflows of $14.8 million moving to decentralised exchanges.
Decentralised exchanges, known for not requiring user identification, make it difficult to trace transactions.
The hackers used these platforms to convert the funds stolen from Rain into Bitcoin and Ethereum to obscure their origins, sparking concerns of suspicious activity and indicating potential exploitation of Rain’s exchange.
Following the incident, Rain said it has taken “immediate steps” to strengthen the security of its platform and is cooperating with relevant legal and regulatory authorities.
The exchange, which is regulated by both the Central Bank of Bahrain and ADGM Financial Services Regulatory Authority, clarified that customer funds are safely held on a 1:1 asset-to-funds ratio, meaning each customer’s fiat and crypto holdings are fully backed in line with regulatory requirements.
When contacted by AGBI, the company said it could not comment further on ongoing law enforcement investigations.
- Gulf asset managers remain wary of resurgent bitcoin
- Crypto miners see ‘enormous potential’ in the Gulf
- Tim Draper: UAE benefits from US crypto ‘overregulation’
Rain’s trading volumes have neared $5 billion since its inception.
In 2022 the company secured $110 million in a Series B funding round led by Paradigm and Kleiner Perkins, with contributions from notable investors including Coinbase Ventures and Global Founders Capital.
This incident at Rain serves as a reminder of persistent vulnerabilities within the cryptocurrency sector, not just for decentralised finance (DeFi) platforms but also for traditional centralised exchanges.
Ben Locke, GCC distributor for UK-headquartered global cybersecurity company CyberHive, told AGBI crypto and financial services sectors face heightened risk profiles, underscoring the need for exchanges to continuously improve their defences against increasingly sophisticated threats.
“Mere compliance with regulatory standards is insufficient in these high-stakes industries,” he said.
“Traditional security measures, such as building walls around your enterprise, are no longer sufficient. It’s crucial to use platforms that include regulatory protection, as tracking down stolen money is extremely difficult.”
Hacks continue to occur across the industry.
Over $330 million worth of digital assets was lost to hackers and fraudsters across 61 incidents in the first quarter of 2024, according to a global report by blockchain security firm Immunefi.
However, this number represents a 23 percent decrease compared to the same period last year.
The UAE has become home to some of the world’s biggest crypto companies.
AGBI reported last month that Dubai’s Virtual Assets Regulatory Authority granted a licence to the UAE operation of Binance, the world’s largest crypto exchange.