BitMart Losses $196 Million to Hacker

Centralized Crypto exchanges might have come a long way since MtGox, but they’re still vulnerable to attacks. That’s the lesson BitMart learned the hard way after a security breach led to the loss of $196 million worth of Cryptocurrencies.

BitMart was Hacked!

The news of the hack first came from a tweet by security analysis company Peckshield on Saturday night. There was a steady outflow of the entire token balance from a Bitmart address to an address Etherscan labeled as the BitMart Hacker. 

Total estimated loss: ~200M (~100M on @ethereum and ~96M on @BinanceChain ). (Previously we only counted the loss on @ethereum). And here is the list of affected assets/amounts on @BinanceChain pic.twitter.com/cXXApDFtd7

— PeckShield Inc. (@peckshield) December 5, 2021

A follow-up tweet showed that the hacker siphoned $100 million worth of Cryptocurrencies on the Ethereum blockchain and $96 million worth from the Binance Smart Chain.

After stealing the crypto assets, the hacker used DEX aggregator 1inch to swap the stolen assets with ETH before sending the ETH through Tornado Cash, which made it difficult to track the stolen funds.

BitMart’s Reaction so far

Initially, BitMart representatives claimed that the news of the attack was a hoax, describing the outflows as routine withdrawals. But the exchange CEO, Sheldon Xia, later confirmed that the breach happened and the outflows resulted from the hack. 

He claimed that the hackers withdrew assets valued at approximately $150 million and added that the two hot wallets that were affected only carry a small percentage of the assets on Bitmart. 

1/4 In response to this incident, BitMart has completed initial security checks and identified affected assets. This security breach was mainly caused by a stolen private key that had two of our hot wallets compromised. Other assets with BitMart are safe and unharmed.

— Sheldon Xia (@sheldonbitmart) December 6, 2021

 

According to the CEO, only these two wallets were affected, and the exchange is currently conducting a security review. The security review revealed that two wallets were compromised due to a stolen private key and other wallets are unharmed and safe.

BitMart stated that affected users would be duly compensated as the exchange will bear the loss and will look for the best solutions to the problem.

As of the time of writing, the withdrawal and deposit functions on the crypto exchange have been suspended. But the company said these functions would gradually resume on December 7, 2021, and promised to release a more detailed timeline.

Many in the crypto community have commended the speed with which the company has responded to the attack and how it has carried its customers along in the process.