Cayman Islands-based cryptocurrency exchange BitMart has reported a hack of Ethereum and Binance Smart Chain (BSC) hot wallets. Hackers withdrew more than $ 150 million from the platform.
We have identified a large-scale security breach, and we are now conducting a thorough security review & we’ll strive to maintain transparency. All withdrawals are temporarily suspended until further notice.
We appreciate your understanding and patience.https://t.co/WdipLLOvY9 pic.twitter.com/XFlY4RyWSe
– BitMart.Exchange (@BitMartExchange) December 5, 2021
PeckShield specialists were among the first to notice the attack. On the night of December 4-5, they celebrated on the Ethereum network a number of suspicious transactions from the platform. These transfers included tokens like Gala (GALA), The Sandbox (SAND), Decentraland (MANA), Shiba Inu (SHIB), as well as $ 500,000 in USD Coin (USDC) stablecoin.
hot wallet compromised? @BitMartExchange https://t.co/pfb7215pBO pic.twitter.com/v2C1KYtaqd
– PeckShield Inc. (@peckshield) December 5, 2021
Later, there was information about the hacking of the BSC wallet. According to PeckShield estimates, hackers withdrew about $ 200 million from the platform (~ $ 100 million in ERC-20 tokens, ~ $ 96 million in tokens BEP-2 and BEP-20). Similar damage assessment led RugDoc service.
The BitMart administration initially denied the information about the hack. In the Telegram channel of the platform, users were assured that their funds were safe, and the news about the security problem was called “fake”.
Interesting from @BitMartExchange … 😳😳😳 🙏🙏🙏 https://t.co/dFrzSww0fs pic.twitter.com/GuDB7bt2eC
– PeckShield Inc. (@peckshield) December 5, 2021
A few hours later, the founder and CEO of the exchange, Sheldon Xia, confirmed that her wallets had been hacked. According to him, the damage from the actions of the attackers amounted to $ 150 million.
1/3 We have identified a large-scale security breach related to one of our ETH hot wallets and one of our BSC hot wallets. At this moment we are still concluding the possible methods used. The hackers were able to withdraw assets of the value of approximately USD 150 millions.
– Sheldon Xia (@sheldonbitmart) December 5, 2021
“We have discovered a massive security breach involving one of our hot ETH wallets and one hot BSC wallet. At the moment, we are still figuring out a possible attack vector. The hackers were able to withdraw assets worth about $ 150 million, ”he wrote.
Xia stated that the compromised wallets contained “a negligible percentage of BitMart’s assets.” The company is investigating the incident, and the withdrawal of funds from the platform is blocked for the duration of the check.
Hackers systematically used the 1inch aggregator to exchange stolen tokens for ETH. They then transferred the cryptocurrency to an intermediate address, from which they sent funds to the Tornado Cash Ethereum mixer.
Pretty straightforward: transfer-out, swap, and wash @sheldonbitmart pic.twitter.com/LyA03sbgCZ
– PeckShield Inc. (@peckshield) December 5, 2021
Recall that in August 2021, hackers hacked the hot wallets of the Bilaxy bitcoin exchange.
In the same month, cybercriminals withdrew more than $ 80 million worth of cryptocurrency from the Liquid platform.
Subscribe to Cryplogger news on Telegram: Cryplogger Feed – the entire news feed, Cryplogger – the most important news, infographics and opinions.
Found a mistake in the text? Select it and press CTRL + ENTER
