Crypto exchange firm Bitmart suffered a large-scale hack incurring a total loss of approximately $200 million. The news was first brought to the attention by security analytics entity Pecksheild Inc who raised an alarm of the reported breach on Saturday night. Pechsheild sent out the tweet detailing the suspicious amount of outflows of a range of tokens that are valued at tens of millions of dollars, to an address called ‘Bitmart Hacker’.
Further, Peckshield researchers estimated the losses to be around $100 million in various cryptocurrencies on the Ethereum Blockchain, and $96 million on the Binance Smart Chain. The stolen funds have been siphoned off from a hot wallet using decentralized exchange aggregator 1inch to swap the assets and deposit into harder-to-trace privacy solution Tornado Cash. Initially Bitmart representatives refuted the news, terming the reports as ‘fake’ and claimed that the outflows were just routine withdrawals.
However, later founder and CEO Sheldon Xia admitted the incident to be a ‘large-scale security breach‘ in his official Twitter handle and stated,
We have identified a large-scale security breach related to one of our ETH hot wallets and one of our BSC hot wallets. At this moment we are still concluding the possible methods used. The hackers were able to withdraw assets of the value of approximately USD 150 million.
In a series of tweets, the Exec assured that the trading platform would be conducting a thorough security check and that all withdrawals would be temporarily paused until “further notice.”
Recent Hack in Badger DAO
The crypto ecosytem has been a target of a never ending onslaught of malicious attackers and rug pulls. On December 2, 2021 the latest to come under attack was decentralized finance [DeFi] protocol, Badger DAO. The platform was under a cyber attack that led to a loss of around $120 million. Confirming the exploit, the Badger DAO team later acknowledged that all smart contracts on its platform have been suspended in an effort to stop any further potential malicious withdrawals.
Last November, liquidity platform MonoX finance too was reportedly drained $31 million worth of asset. Despite receiving two separate audits, the vulnerabilities in MonoX’s smart contracts were not identified.