Crypto Exchange Bitmart Loses $196 Million to Hackers
Hackers stole $196 million from cryptocurrency trading platform Bitmart on Saturday. Bitmart confirmed the breach in an official press release Saturday night, terming it "a large-scale security breach" and stating that hackers took approximately $150 million in assets. Peckshield, a blockchain security and data analytics company estimates the loss is at $200 million.
Bitmart stated in an official release that all withdrawals had been briefly halted until further notice. It further stated that a comprehensive security review was underway.
Peckshield was the first to identify the hack on Saturday, stating that one of Bitmart's addresses indicated a fast outflow of tens of millions of dollars to an address which Etherscan termed the "Bitmart Hacker."
Peckshield valued Bitmart losses to about $100 million in multiple cryptos on the ethereum blockchain. The firm also estimates another $96 million in coins taken from the binance smart chain. The hackers made took a blend of over 20 tokens, including Binance coin, Shiba Inu, and Safemoon.
Total estimated loss: ~200M (~100M on @ethereum and ~96M on @BinanceChain). (Previously we only counted the loss on @ethereum. And here is the list of affected assets/amounts:
Bitmart stated that the hacked ethereum and binance smart chain "hot wallets" held just a "small percentage" of the platform's assets. The statement added that no other wallets were affected.
Individuals who decided to hold their own crypto can store it "hot," "cold," or a mix of the two. A hot wallet is linked to the internet and enables owners to easily access their coins to ensure they have control over their crypto. The trade-off risks exposure to bad actors.
According to CoinGecko, Birtmart provides an array of spot transactions, leveraged futures trading, lending, and staking services. The platform usually ranks as one of the leading centralized cryptocurrency exchanges by volume.
Bitmart stated that it is still not possible to identify the methods used by the hackers. According to Peckhshield, what happened following the attack was pretty straightforward, "It was a classic case of transfer-out, swap, and wash."
After moving the assets out of Bitmart, hackers allegedly utilized the decentralized exchange aggregator known as '1inch' to exchange the looted ether tokens. From there, they could deposit ether coins into a privacy mixer called Tornado Cash, it makes the money impossible to trace.
According to Rick Holland, chief information security officer at Digital Shadows, a cyberthreat intelligence firm, Cybercriminals usually lookout for a mixing or tumbling service. Holland alleges that these services enable users to mix illicit money with clean crypto assets to create a new type of crypto, at which point they use currency swaps.
Although the blockchain is public, there are still ways to make it impossible for investigators to trace transactions to their final destination.
This latest attack comes amid a series of recent breaches.
Last week, cryptocurrency lender Celsius Network confirmed losing funds though it didn't clarify the amount. Decentralized fiancé platform BadgerDAO lost approx. $120 million to hackers.
And in August, a hacker stole tokens valued at more than $600 million from the crypto platform Poly Network. In a strange twist, the attacker refunded almost all of the funds.
First published on Dec 6, 2021