Hackers take $196 million from crypto exchange Bitmart
Hackers have taken $196 million from crypto trading platform
Bitmart, a security firm said Saturday.
Bitmart confirmed the hack in an official statement Saturday
night, calling it “a large-scale security breach” and writing that hackers
withdrew about $150 million in assets. However, blockchain security and data
analytics firm Peckshield estimates that the loss is closer to $200 million.
Bitmart added in a statement that all withdrawals had been
temporarily suspended until further notice and said a thorough security review
was underway.
Peckshield was the first to notice the breach on Saturday,
noting that one of Bitmart’s addresses showed a steady outflow of tens of
millions of dollars to an address which Etherscan referred to as the “Bitmart
Hacker.”
Peckshield estimated that Bitmart lost around $100 million
in various cryptocurrencies on the ethereum blockchain and another $96 million
from coins on the binance smart chain. The hackers made off with a mix of more
than 20 tokens, including binance coin, safemoon, and shiba inu.
Bitmart says that the affected ethereum and binance smart
chain “hot wallets” carried only a “small percentage” of the exchange’s assets.
The statement went on to say that all other wallets were “secure and unharmed.”
People who choose to hold their own cryptocurrency can store
it “hot,” “cold,” or some combination of the two. A hot wallet is connected to
the internet and allows owners relatively easy access to their coins so that
they can access and spend their crypto. The trade-off for convenience is
potential exposure to bad actors.
JH reached out to multiple Bitmart employees to ask for more
clarity on the hack, including whether customer funds had specifically been
targeted in the breach, and if so, whether users would be reimbursed. CNBC has
not yet heard back, but an email to the work address of Bitmart founder and CEO
Sheldon Xia (as listed on Xia’s unverified Twitter account) bounced back with a
message that read, “Recipient address rejected: Access denied.”
Bitmart, which offers a mix of spot transactions, leveraged
futures trading, as well as lending and staking services, typically ranks as
one of the top centralized crypto exchanges by volume, according to CoinGecko
data.
Bitmart says it is still unclear what possible methods the
hackers used, but what happened after the breach was pretty straightforward,
according to Peckshield. It was a classic case of “transfer-out, swap, and
wash,” according to the security firm.
After transferring the funds out of Bitmart, hackers
apparently used the decentralized exchange aggregator known as ‘1inch’ to
exchange the stolen tokens for ether. From there, the ether coins were
deposited into a privacy mixer known as Tornado Cash, which makes the money
harder to trace.
Cybercriminals often look to a mixing or tumbling service,
according to Rick Holland, chief information security officer at Digital
Shadows, a cyberthreat intelligence company. Holland told CNBC these services
allow users to combine illicit funds with clean crypto to essentially make a
new type of cryptocurrency, at which point they turn to currency swaps.
So even though the blockchain is public, there are still
ways to make it difficult for investigators to trace transactions to their
ultimate destination.
This latest breach comes amid a wave of recent hacks.
Last week, crypto lender Celsius Network admitted to losing
funds (though it didn’t specify how much it lost exactly), as a result of the
$120 million hack of the decentralized finance platform BadgerDAO.
And in August, a hacker stole more than $600 million worth
of tokens from the cryptocurrency platform Poly Network. In a strange twist,
the attacker subsequently returned nearly all of the money.
Comments
Post a Comment