Crypto exchange Bitmart lost nearly $200 million in a hot wallet compromise hosted over the Ethereum and Binance Smart Chain blockchains.
The $200 million Bitmart hack was first revealed by Peckshield, a blockchain security and data analytics company that initially identified a transfer of roughly $100 million over the Ethereum blockchain.
At 7.30 PM UTC, PeckShield first noticed an excessive amount of outbound transfers. It found that a range of tokens had been sent out of BitMart’s hot wallet, starting at 4.30 PM EST. These tokens included large amounts of meme tokens like shiba (SHIB), plus half a million dollars in the stablecoin USDC.
Other commentators have pointed out that funds have also been removed on the Binance Smart Chain blockchain too, which could raise the amount of funds that have been taken.
The funds have been sent on to Ethereum mixing service Tornado Cash, which will make it harder to track them.
Further investigation from the team revealed a concurrent hack of $96 million over the crypto exchange’s BSC reserves:
The hackers made away with a mix of over 20 tokens that includes altcoins such as Binance Coin (BNB), Safemoon, BSC-USD and BNBBPay (BPay). Sizable amounts of meme coins such as BabyDoge, Floki and Moonshot were also compromised in the hack.
According to Peckshield, the hack was a straightforward case of transfer-out, swap, and wash:
Bitmart CEO Sheldon Xia later confirmed the hack over Twitter as a “large-scale security breach” on ETH and BSC hot wallets:
“At this moment we are still concluding the possible methods used. The hackers were able to withdraw assets of the value of approximately USD 150 million.”
In what seems like an ongoing threat to the crypto ecosystem, cryptocurrency lending platform Celsius confirmed a loss of $50 million in the exploit of decentralized finance (DeFi) protocol BadgerDAO.
The first reports on BadgerDAO’s security breach surfaced on Thursday with the protocol officially announcing that it received multiple exports of unauthorized withdrawals of user funds on Wednesday.
Taking preventive measures similar to Bitmart, the Badger team continued investigating the issue and paused all smart contracts on the protocol to avoid any further losses.
- Users on Twitter started to complain about a possible security breach against Bitmart earlier on December 5th before the company confirmed the news hours later.
- The statement described the event as a “large-scale security breach” related to one of the hot Ethereum (ETH) wallets and one of the Binance Smart Chain (BSC) hot wallets.
- The company promised that the funds contained in those two addresses are a “small percentage of assets on Bitmart” and all other wallets are “secure and unharmed.”
- Initially, Bitmart noted that the hackers were able to swipe around $150 million worth of several cryptocurrencies.
- Although Bitmart ultimately confirmed the hack and Sheldon Xia said all withdrawals are temporarily suspended, this was not the case initially.
- PeckShield showed several chats on Telegram, in which an admin from Bitmart refuted the allegations that the exchange was hacked
PoS is said to be the solution to the security issues on the PoW protocols, and so ‘Bitmart Hacker’ will bring back the discussion on the security integrity of this consensus method. How other networks using it can improve and make it better to prevent future hacks will be widely discussed.
Crypto investors will also be waiting to hear from individual cryptocurrencies what went wrong and more a comprehensive audit from the Bitmart team. It is expected these teams will come up with an explanation very soon.
It will also be a good moment for crypto investors to take a look at cryptocurrencies that managed to prevent hackers, like Bitrise coin. They have proven a good investment where investors are guaranteed security of their assets. More news regarding ‘Bitmart Hacker’ will be coming out soon.