Hackers stole $196 million from cryptocurrency exchange Bitmart, a security firm said Saturday.
Bitmart confirms the hack in an official statement Saturday night, calling it “a large-scale security breach” and writing that hackers withdrew about $150 million in assets. However, blockchain security and data analytics firm Peckshield estimates that the loss is close to $200 million.
Bitmart added in a statement that all withdrawals have been temporarily suspended until further notice and said a thorough security review is underway.
Peckshield was the first to notice the breach on Saturday, noting that one of Bitmart’s addresses shows a steady flow of tens of millions of dollars to an address Etherscan calls “Bitmart Hacker.”
Peckshield estimated that Bitmart has lost around $100 million in various cryptocurrencies on the ethereum blockchain and another $96 million in bio-smart on-chain coins. The hackers made it with a combination of more than 20 tokens, including binance coin, safemoon, and shiba inu.
Bitmart says that the affected “ethereum and binance smart chain” hot wallets carry only “a small percentage” of the exchange’s assets. The statement goes on to say that all other wallets are “secure and unharmed.” “.
Those who choose to hold their own cryptocurrency can store it “hot,” “cold,” or some combination of the two. Hot wallets are connected to the internet and give owners relatively easy access to their funds so they can access and spend their crypto. The trade-off for convenience is the possibility of exposure to bad actors.
CNBC reached out to multiple Bitmart employees to request more clarification on the hack, including whether customer funds were specifically targeted in the breach and, if so, whether users were refunded. money back or not. CNBC has yet to receive a response, but an email to the work address of Bitmart founder and CEO Sheldon Xia (as listed on Xia’s Unverified Twitter Account) is returned with a message that says “Recipient address denied: Access denied.”
Bitmart, which offers a combination of spot trading, leveraged futures, as well as lending and staking services, is often ranked as one of the top centralized cryptocurrency exchanges by volume, according to CoinGecko data.
Bitmart said it’s not yet clear what methods the hackers used, but what happened after the breach was pretty simple, according to Peckshield. According to the security firm, this is a classic case of “transfer, swap and wash”.
After moving funds out of Bitmart, the hackers appear to have used a decentralized exchange aggregator known as ‘1inch’ to exchange the stolen tokens for ether. From there, the ethers were deposited into a privacy mixer called Tornado Cash, which makes the funds harder to track.
According to Rick Holland, director of information security at Digital Shadows, a cyber threat intelligence firm, cybercriminals often look to a mixed or messy service. Holland told CNBC that these services allow users to combine illegal funds with clean cryptocurrency basically create a new cryptocurrency, at which point they switch to currency swaps.
So even though the blockchain is public, there are ways that make it difficult for investigators to trace transactions to their final destination.
This latest breach comes amid a recent wave of attacks.
Last week, Cryptocurrency Lending Network C admit loss of money (although it doesn’t state exactly how much money was lost), as a result of the $120 million hack of the BadgerDAO decentralized finance platform.
And in August, a hacker stole more than 600 million dollars the value of tokens from the Poly Network cryptocurrency platform. In a strange twist, the attacker then returned almost all of the money.
