On December 6, BitMart, a crypto asset exchange registered in the Cayman Islands, announced the reason for the theft: "The private keys of two hot wallets were stolen." Sheldon Xia, the founder of the exchange, said that the exchange will use its own funds to compensate affected users.
On December 4, BitMart's two hot wallets on Ethereum (ETH) and Binance Smart Chain (BSC) experienced "large-scale security breaches," and $150 million worth of crypto assets disappeared. The exchange claimed that the affected ETH and BSC hot wallets hold only a small portion of the assets on BitMart and that the assets in its other wallets are safe and undamaged, but the relevant deposit and withdrawal functions have been suspended.
The blockchain security organization PeckShield was the first to discover the abnormal activity in BitMart's hot wallets. After tallying the assets affected by the incident, the agency said that BitMart's ETH hot wallet lost $100 million and its BSC hot wallet lost $96 million.
BitMart theft was caused by stolen hot wallet private keys
"BitMart has completed a preliminary security check and identified the affected assets. This security breach was mainly caused by the theft of private keys from two of our hot wallets." On December 6, Sheldon Xia, founder of the crypto asset exchange BitMart, confirmed the reason for the theft on Twitter.
Unlike crypto asset cold wallets, which are isolated from the Internet, hot wallets are connected to it. This lets owners deposit and withdraw assets relatively easily, but it also makes the wallets easier for hackers to exploit. This time, BitMart fell victim.
Public exchange rating information shows that BitMart was founded in 2018 and registered in the Cayman Islands. It claims to have 5.5 million users worldwide and has offices in China, South Korea, and the United States. On September 28, 2021, the exchange announced that it would stop accepting new account registrations from users in mainland China, and would stop providing services to users in mainland China at 12:00 noon (US Eastern Time) on November 30, 2021.
Nearly $200 million in crypto assets was stolen from BitMart four days after it ceased operations in mainland China.
At around 7 a.m. on December 5, users kept reporting in BitMart's official social group that their ERC-20 (the token standard on the Ethereum chain) and BEP20 (the token standard on the BSC chain) assets were difficult to trade from BitMart. Some pointed out that they had not seen any successful transfer (transaction) information on the chain for 40 minutes to 1 hour. "Usually, there is information of successful transfer every minute."
BitMart said it discovered the vulnerability on December 4
At 8 a.m. on December 5, when users asked "Is BitMart hacked" and "Is my account safe", the community administrator replied firmly "No Sir", "It is safe, don't worry", and so on. For a period of time, administrators still labeled such inquiries as "FUD" (spreading panic) and "fake news", and repeatedly asked users to believe official information and "keep calm".
After that, some users discovered that large amounts of Meme coins listed on BitMart, such as Safemoon, Shib, and Floki, had been transferred out of the hot wallets, and that these tokens had seen large price drops on the market. The overall market was down, but some people believed that these Meme assets had been sold through deliberate manipulation, and some found from the on-chain addresses that some assets from the BitMart hot wallets had been converted into ETH and passed through Tornado Cash, a well-known on-chain coin-mixing tool, for privacy processing.
Users continued to post the abnormal on-chain information to the community. It was not until 10 a.m. on the 5th that BitMart announced in the community that founder Sheldon Xia had admitted on Twitter that there were "large-scale security vulnerabilities" in the ETH and BSC hot wallets.
Security agency estimates BitMart lost nearly $200 million
On Dec. 6, Sheldon Xia stated that BitMart had completed initial security checks and identified the affected assets, but he did not disclose which assets were affected. Earlier, the exchange said the assets affected by the incident were worth $150 million.
PeckShield, the first blockchain security agency to disclose the BitMart security anomalies, gave a list of affected assets based on on-chain data. The agency first noticed a steady outflow of tens of millions of dollars of crypto assets from a BitMart address to the address marked "Bitmart Hacker" on the Ethereum block explorer.
PeckShield disclosed BitMart ETH (left) and BSC (right) hot wallets affected assets
The list disclosed by PeckShield shows that 28 crypto assets in the exchange's ETH hot wallet were affected, including Meme coins such as SHIB and SAITAMA, popular GameFi assets such as GALA and SAND, and more than US$500,000 of the mainstream asset USDC, for a loss of about US$100 million; 20 crypto assets in the exchange's BSC hot wallet were affected, including Meme coins such as SAFEMOON, BabyDoge, and FLOKI, as well as more than US$350,000 of BSC-USD and 213.57 BNB, for a total loss of about US$96 million.
This is different from the $150 million affected amount given by BitMart, but the latter did not disclose the specific list of affected assets.
Hacking operation path disclosed by PeckShield
Judging from the path map given by the agency, after the hacker transferred funds out of BitMart's ETH and BSC hot wallets, he used 1inch, a decentralized exchange aggregator deployed on both the ETH and BSC chains, to swap tokens. The swapped assets then entered Tornado Cash, a crypto asset privacy service tool that hackers often use to mix coins and hide address information that could otherwise be tracked on the chain.
Rick Holland, chief information security officer at cyber threat intelligence firm Digital Shadows, said in an interview with CNBC that cybercriminals often seek out mixing services, which in effect cause illicit funds to be mixed with clean cryptocurrencies; in essence, they form the mixing function by creating a new type of cryptocurrency, which makes it convenient for service providers to exchange various assets. So, even though the information on the blockchain is publicly available, there are ways to make it difficult for investigators to trace transactions to their final destination.
In the past month, there have been many thefts in the world of crypto assets. Last week, the decentralized financial platform BadgerDAO was hacked and lost $120 million; at the end of October, the decentralized exchange BXH was robbed and lost nearly $150 million. Hackers attack exchanges and project platforms, and the party that ultimately suffers is often the user.
After the BitMart theft, SAITAMA, FLOKI, SHIB and other projects listed on the exchange all said they stand with BitMart against the hackers.
“We are also talking with multiple project teams to confirm the most reasonable solution, such as token swap, will not harm user assets. We are now doing our best to retrieve security settings and our operations.” On Dec. 6, Sheldon Xia stated that BitMart will use its own funds to cover the incident and compensate affected users. Xia has not elaborated on the question users care about most: how the compensation will work.
