- PeckShield, a cybersecurity firm, disclosed the theft.
- Neither BitMart nor PeckShield has produced a report on the breach.
BitMart, a cryptocurrency exchange, was hacked, and over $200 million worth of crypto assets were stolen in a hot wallet attack. PeckShield, a cybersecurity firm, disclosed the theft and predicted a loss of about $100 million on Ethereum and $96 million on Binance Smart Chain. PeckShield first thought that just $100 million was lost since it evaluated the Ethereum loss solely.
It then amended the figure to exactly $196 million after factoring in the $96 million loss on Binance Smart Chain. Sheldon Xia, the founder and CEO of BitMart, subsequently acknowledged the breach.
1/3 We have identified a large-scale security breach related to one of our ETH hot wallets and one of our BSC hot wallets. At this moment we are still concluding the possible methods used. The hackers were able to withdraw assets of the value of approximately USD 150 millions.
— Sheldon Xia (@sheldonbitmart) December 5, 2021
Sheldon further added:
“At this moment we are temporarily suspending withdrawals until further notice. We beg for your kind understanding and patience in this situation. Thank you very much.”
Negligible Part of the Exchange’s Overall Holdings
The hack was carried out under a cryptocurrency mixer named Tornado to conceal transaction data and launder blacklisted crypto assets through PeckShield’s “transfer-out, swap, and wash” technique.
Xia reassured the BitMart community that their remaining cash and wallets were secure. The compromised ETH and BSC hot wallets held a negligible part of the exchange’s overall holdings. As of yet, neither BitMart nor PeckShield has produced a report on the breach.
Any new technology has inherent weaknesses at first. It takes time to fix problems and build strong enough technology to survive security breaches. Simultaneously, users should conduct periodic risk assessments. Self-custodial wallets are the way to go for anybody looking for a secure storage location for their digital assets.