Floating Point Group (FPG), a prominent crypto prime brokerage and agency trading desk, has suspended all trading activities, as well as deposits and withdrawals, in response to a major cybersecurity incident. The company, which serves asset managers overseeing over $50 billion worth of assets, reported a loss of between $15 million and $20 million in cryptocurrencies as a result of the breach, according to an FPG spokesperson.
Upon discovering the incident, FPG swiftly engaged third-party forensics experts and collaborated with law enforcement agencies to investigate the matter, as revealed by a source with direct knowledge of the situation. The company’s spokesperson acknowledged the incident and stated that FPG had taken immediate action by securing all wallets and locking third-party accounts. The firm further emphasized its commitment to comprehending the extent and circumstances of the breach.
FPG, founded in 2018 at the Massachusetts Institute of Technology, offers asset managers access to liquidity across markets through its crypto prime brokerage platform. It holds a notable position in the treasury management market, with its blockchain foundation customers accounting for approximately 5% of the total market share. The company has received backing from prominent investors, including Coinbase Ventures, Anthony Scaramucci of SkyBridge Capital, and Naval Ravikant, the founder of AngelList. To date, FPG has raised a total of $12 million in funding in over 5 rounds.
In August of the previous year, FPG achieved registration as a virtual asset service provider (VASP) in the Cayman Islands, a status that ensured the secure custody of customer assets even in the unlikely event of the company’s bankruptcy. At that time, FPG reported having approximately 100 customers.
Despite the severity of the cybersecurity incident, FPG’s account segregation measures limited the overall impact of the attack, the spokesperson explained. However, the exact details and nature of the breach are still being investigated. FPG is collaborating with the Federal Bureau of Investigation (FBI), the Department of Homeland Security, regulators, and Chainalysis to determine the cause of the incident and recover the lost assets. As an ongoing investigation involving law enforcement, specific details cannot be shared at this stage, but FPG has pledged to provide updates as they become available.
This breach occurs six months after FPG proudly announced its attainment of a SOC 2 (Service Organization Control 2) certification. The certification signifies the company’s adherence to industry-recognized security, privacy, and control standards in handling sensitive data and systems, ensuring reliability for its clients.
The incident at FPG highlights the persistent cybersecurity risks faced by cryptocurrency-related businesses and the importance of robust security measures to safeguard digital assets.