Major centralized crypto exchange BitMart, which fell victim to a hack over the weekend and lost approximately USD 200m worth of digital assets, intends to compensate affected users and resume its operations.
Sheldon Xia, the CEO of BitMart, revealed the news via a series of Twitter messages, saying that the exchange “has completed initial security checks and identified affected assets.” He added that the security breach was the result of a stolen private key that had two of the exchange’s hot wallets compromised, insisting that other assets are safe.
Xia also unveiled that the exchange will compensate affected users, stating:
“We are also talking to multiple project teams to confirm the most reasonable solutions such as token swaps. No user assets will be harmed.”
The CEO said he is “confident that deposit and withdrawal functions will gradually begin in December 7, 2021.” He also aims to conduct an AMA (ask me anything) at 1 am UTC on December 6 to share more info regarding the incident.
“We are now doing our best to retrieve security set-ups and our operation. We need time to make proper arrangements and your kind understanding during this period will be highly appreciated,” Xia tweeted.
Security analysis firm Peckshield brought to attention the unusual flow of funds out of BitMart, compiling a list of “transferred-out assets and their amounts.” The firm noted that around USD 100m funds were transferred from the Ethereum (ETH) blockchain and another USD 96m from Binance Smart Chain (BSC).
Following the notice by Peckshield, Bitmart acknowledged they identified “a large-scale security breach,” adding that they temporarily suspended withdrawals.
The hacker swapped the stolen crypto assets, which include a substantial amount of meme coins like dogecoin (DOGE) and shiba inu (SHIB), for ETH using the decentralized exchange (DEX) aggregator 1inch.
The hacker also used the decentralized mixer protocol Tornado Cash to further improve transaction privacy, making it even harder to track the stolen funds.
According to PeckShield, the hack was a “pretty straightforward case of transfer-out, swap, and wash.”
The 24-hour trading volume on BitMart is currently USD 1.15bn, having dropped from USD 1.46bn seen yesterday, per Coingecko data. The platform is now at the 27th place by daily trading volume.
Meanwhile, last week, decentralized autonomous organization (DAO) Badger DAO lost over USD 120m in an alleged front-end attack. As per Etherescan transactions, one of the affected users lost around 897 WBTC (wrapped BTC) (over USD 50m) to the hack. Reports claim that the address belonged to Celsius Network (CEL), a major crypto lending firm.
– Crypto Exchanges in 2022: More Services, More Compliance, and Competition
– Badger DAO Appears to Have Lost Over USD 120M in an Attack
– MonoX Team Confirms Exploit, USD 30M + Might Be Stolen
– AnubisDAO Points at ‘Critical Mistake’ After Losing USD 60M of Investors Money
– Cream Finance Suffers Another Exploit as Attacker Runs Away With USD 100M +
– At Least 6,000 Coinbase Clients Robbed This Spring, Exchange Reimburses Losses