Late Saturday night, cryptocurrency exchange – BitMart – announced that it had suffered a hack attack that resulted in more than $150 million U.S. equivalent stolen from one of its Ethereum and Binance Smart Chain (BSC) hot wallets. BitMart CEO and founder Sheldon Xia confirmed the exfiltration occurred in this series of three messages posted to his Twitter account.
1/3 We have identified a large-scale security breach related to one of our ETH hot wallets and one of our BSC hot wallets. At this moment we are still concluding the possible methods used. The hackers were able to withdraw assets of the value of approximately USD 150 millions.
— Sheldon (@sheldonbitmart) December 5, 2021
2/3 The affected ETH hot wallet and BSC hot wallet carries a small percentage of assets on BitMart and all of our other wallets are secure and unharmed. We are now conducting a thorough security review and we will post updates as we progress.
— Sheldon (@sheldonbitmart) December 5, 2021
3/3 At this moment we are temporarily suspending withdrawals until further notice. We beg for your kind understanding and patience in this situation. Thank you very much.
— Sheldon (@sheldonbitmart) December 5, 2021
It’s been reported that one of BitMart’s wallet addresses currently displays repeated moves of token balances out of the account, with some of those transactions in the range of tens of millions of dollars. Etherscan has currently labeled the destination address as “BitMart Hacker.”
Sponsored
The exfiltrated funds comprised a collection of tokens including various meme coins such as Shiba Inu and others. It also reportedly included more than a half million worth of USDC stablecoins.
On The Flipside
- BitMart is the latest in a series of security breaches executed against “hot wallets” on centralized exchanges.
- Hot wallets are digital accounts that are on-chain and susceptible to theft and exfiltration from hackers connected directly to the Internet.
Why You Should Care?
The only way to ensure the maximum level of safety and security for your cryptocurrency assets is to store the private keys offline on a paper or in a digital “cold wallet.” The most reliable “cold wallets” where you are the primary custodian are either from Trezor or Ledger. Only buy devices directly from the manufacturers’ websites.
