Bitmart has lost close to $200 million in multiple cryptocurrencies, making this the most damaging centralized exchange breach to date. The hackers made off with a collection of over 20 tokens
Huge loss for Bitmart following hack
Bitmart has lost $196 million in multiple cryptocurrencies, making this the most damaging centralized exchange breach to date.
The purported attack was initially brought to light Saturday night by security analysis firm Peckshield in a tweet. One of Bitmart’s addresses is currently showing regular outflows of whole token balances, some worth tens of millions of dollars, to an address known as the “Bitmart Hacker” by Etherscan.
In a follow-up tweet, Peckshield assessed the damage at $100 million in various cryptocurrencies on the Ethereum network and $96 million on the Binance Smart Chain.
The team’s further investigation discovered a concurrent $96 million compromise of the crypto exchange’s BSC reserves:
Total estimated loss: ~200M (~100M on @ethereum and ~96M on @BinanceChain ). (Previously we only counted the loss on @ethereum). And here is the list of affected assets/amounts on @BinanceChain pic.twitter.com/cXXApDFtd7— PeckShield Inc. (@peckshield) December 5, 2021
The hackers made off with a collection of over 20 tokens, including BNB, Safemoon, BSC-USD, and BPay. The attack also exposed a large number of meme currencies, including BabyDoge, Floki, and Moonshot.
According to Peckshield, the hack was a simple case of transfer-out, swap, and wash:
The hacker systematically used decentralized exchange aggregator 1inch to swap stolen assets for cryptocurrency ether (ETH), then deposited the ETH into privacy mixer Tornado Cash using a secondary address, making the hacked funds harder to track.
‘Outflows were normal withdrawals’- staffs
The Crypto Exchange staff first stated that the outflows were “normal withdrawals” on an official Telegram channel, dismissing reports of the hack as “false news.”
Interesting from @BitMartExchange …😳😳😳 🙏🙏🙏 https://t.co/dFrzSww0fs pic.twitter.com/GuDB7bt2eC— PeckShield Inc. (@peckshield) December 5, 2021
Bitmart CEO Sheldon Xia later admitted that the outflows were really the consequence of a “security breach” hours later.
1/3 We have identified a large-scale security breach related to one of our ETH hot wallets and one of our BSC hot wallets. At this moment we are still concluding the possible methods used. The hackers were able to withdraw assets of the value of approximately USD 150 millions.— Sheldon Xia (@sheldonbitmart) December 5, 2021
A continuous threat to the crypto ecosystem
In what appears to be a continuous threat to the crypto ecosystem, cryptocurrency lending provider Celsius announced a $50 million loss as a result of the BadgerDAO decentralized finance (DeFi) protocol’s vulnerability.
The initial complaints about a security vulnerability involving BadgerDAO appeared on December 2, with the protocol publicly declaring on Wednesday that it had received multiple exporters of illicit withdrawals using cash.
To minimize any more losses, the Badger team proceeded to investigate the issue and paused all smart contracts on the protocol, similar to Bitmart. With a total loss of $196 million, this is one of the most costly centralized exchange attacks ever.
