- A security firm said on Saturday that hackers have taken $196 million from crypto trading platform Bitmart.
- Bitmart confirmed the hack in an official statement Saturday night, calling it a “massive security breach” and writing that the hackers withdrew approximately $150 million in assets.
- Blockchain security and data analytics firm PeckShield estimates the loss to be closer to $200 million.
A security firm said on Saturday that hackers have taken $196 million from crypto trading platform Bitmart.
Bitmart confirms hack in an official statement On Saturday night, it called it a “massive security breach” and wrote that the hackers withdrew about $150 million in assets. However, blockchain security and data analytics firm PeckShield estimates the loss to be closer to $200 million.
Bitmart said in a statement that all withdrawals were temporarily suspended until further notice and that a full security review was underway.
PeckShield was the first to report the breach on Saturday, noting that One of Bitmart’s addresses showed a steady outflow of tens of millions of dollars to an address that Etherscan referred to as the “Bitmart hacker”.
Peckshield Approximate Bitmart lost nearly $100 million in various cryptocurrencies on the Ethereum blockchain and $96 million from coins on the Binance smart chain. The hackers created a mix of more than 20 tokens, including Binance Coin, Safemoon, and Shiba Inu.
Bitmart says the affected Ethereum and Binance smart chain “hot wallets” held only a “small percentage” of the exchange’s assets. The statement further added that all other wallets were “secure and innocuous”.
Those who choose to hold their own cryptocurrency can store it “hot,” “cold,” or some combination of the two. A hot wallet is connected to the Internet and allows owners relatively easy access to their coins so that they can access and spend their crypto. The trade-off for convenience is potential exposure to bad actors.
Businesshala reached out to several Bitmart employees to ask for more clarity on the hack, including which customer funds were specifically targeted in the breach, and if so, whether users would be reimbursed. Businesshala has yet to hear back, but an email (as listed) to the work address of Bitmart founder and CEO Sheldon Xia Zia’s unverified Twitter account) returned with a message that read, “Recipient Address Denied: Access Denied.”
bitmartAccording to CoinGecko data, which offers a mix of spot trading, leveraged futures trading as well as lending and staking services, it generally ranks as one of the top centralized crypto exchanges by volume.
Bitmart says it is still unclear what possible methods the hackers used, but according to Peckshield, what happened after the breach was pretty straightforward. According to the security firm it was a classic case of “transfer-out, swap and wash”.
After transferring funds from Bitmart, the hackers apparently used a decentralized exchange aggregator known as ‘1Inch’ to exchange the stolen tokens for Ether. From there, the Ether coins were deposited into a privacy mixer known as Tornado Cash, making the funds harder to trace.
According to Rick Holland, chief information security officer at cybercrime intelligence company Digital Shadows, cybercriminals often look to mixing or tumbling services. Holland told Businesshala that these services allow users to combine illicit money with clean crypto to create a new type of cryptocurrency, at which point they turn to currency swaps.
So even if the blockchain is public, it can still make it difficult for investigators to trace transactions to their final destination.
This latest breach comes amid a recent wave of hacks.
Last week, crypto lender Celsius Network admitted to losing money (though it did not specify how much it lost), as a result of the $120 million hack of decentralized finance platform BadgerDAO.
And in August, a hacker stole over $600 million worth of tokens from the cryptocurrency platform Poly Network. In a strange twist, the attacker later returned almost all the money.