BitMart Falls Victim to a Crypto Heist, Loses USD 200 Million in Tokens!

BitMart Exchange is the latest to fall in a string of attacks that have crippled cryptocurrency companies, including Poly Network and Cream Finance.

Stealing a single private key is all it took for cybercriminals to haul away a whopping USD 200 million worth of cryptocurrencies. It’s a cakewalk for the malicious actors.

According to the crypto exchange firm, the hackers had stolen a private key to compromise two of the exchange’s hot wallets on the Ethereum (ETH) blockchain and the Binance smart chain (BSC).

“In response to this incident, BitMart has completed initial security checks and identified affected assets. This security breach was mainly caused by a stolen private key that had two of our hot wallets compromised. Other assets with BitMart are safe and unharmed,” informed the firm.

Terming the attack as a large-scale security breach, the company informed that the criminals stole around USD 150 million worth of cryptocurrency assets.

“Hackers were able to withdraw assets of the value of approximately 150 million USD,” said BitMart.


Also Read: 86% of Compromised Google Cloud Accounts Leveraged for Crypto Mining!


However, according to the blockchain security firm PeckShield – the first entity to raise the alarm about the heist, the loss is closer to USD 200 million.

“Total estimated loss: ~200M (~100M on @ethereum and ~96M on @BinanceChain). Previously we only counted the loss on @ethereum,” tweeted PechShield.

Upon identifying the breach, the crypto firm has suspended asset deposits and withdrawals until further notice.

However, BitMart hasn’t yet figured out exactly how the criminals pulled off the breach.


Also Read: Panasonic Suffers Data Breach; Remains Undetected for Ages


Meanwhile, Pekchshield has described that the transfer of funds from BitMart was ‘pretty straightforward’.

“Pretty straightforward: transfer-out, swap, and wash @sheldonbitmart,” tweeted the blockchain security firm illustrating the attack with an infographic.

Illustration of the Attack Chain

As per the infographic, the hackers used a decentralized exchange aggregator known as 1inch to exchange the stolen assets for Ethereum. Then, the Ethereum coins were deposited into a privacy mixer known as Tornado Cash.

The Tornado is a washer that makes the funds untraceable by breaking the on-chain link between source and destination addresses.

A pledge to aid the affected customers

With many of its crypto customers affected by the security breach, BitMart has come up with a plan to repay them from its own pockets.

“BitMart will use our own funding to cover the incident and compensate affected users. We are also talking to multiple project teams to confirm the most reasonable solutions, such as token swaps. No user assets will be harmed,” tweeted BitMart CEO Sheldon Xia.

The full details regarding the security breach, compensation arrangement, and operation resumption will be shared by CEO Sheldon on Telegram AMA scheduled to start soon.

Security Hygiene – A Need of the Hour

Security Hygiene – A Need of the Hour

This crypto heist emphasizes the importance of cybersecurity best practices in securing a business. Should the company have followed proper cyber hygiene for storing the private key, it could have prevented this havoc. With the ever-changing cyber landscape, imbibing cyber best practices across the organization is a must to realize a cyber-secure business. This is where StealthLabs comes in.

With notorious cybercriminals lurking everywhere, one ought to join forces with IT security service providers like StealthLabs to stave off cybercrime. With over a decade long experience in helping businesses secure their assets, we can help you build cyber resilience like never before.

Let’s work together to stand secure and strong.

Contact Us


More News: