Security firm said attackers executed a ‘transfer-out, swap, and wash’

Crypto-exchange BitMart reports $150 million theft following hack

Cryptocurrency trading platform BitMart has revealed that around $150 million worth of funds have been stolen by malicious hackers.

Blockchain security firm Peckshield has estimated losses of around $200 million following an attack on the platform on Saturday (December 4), comprising $100 million on the Ethereum blockchain and $96 million on the Binance Smart Chain.

In a statement issued on the same day, BitMart said it was “temporarily suspending withdrawals until further notice” after detecting a “large-scale security breach” centered on two ‘hot’ wallets (meaning the wallets were connected to the internet).

Catch up with the latest cryptocurrency security news and analysis

The Ethereum and Binance Smart Chain wallets accounted for “a small percentage of assets on BitMart and all of our other wallets are secure and unharmed”, said BitMart. “We are now conducting a thorough security review and we will post updates as we progress.”

While BitMart said it was still investigating how the cyber-heist was executed, Peckshield yesterday (December 5) described the hack as “pretty straightforward: transfer-out, swap, and wash” – visualizing this on Twitter with a flow chart indicating the use of a decentralized exchange aggregator and privacy mixer to make the pilfered funds harder to trace.

BitMart – tagline ‘The most trusted cryptocurrency trading platform’ – says it has more than nine million customers across more than 180 countries.

The theft dwarfs the estimated value of funds stolen from users of decentralized finance platform BadgerDAO last week – around $120 million – and the more than $55 million believed to have been purloined from the wallets of employees and users of DeFi platform bZx last month.

In October, meanwhile, cryptocurrency exchange Coinbase admitted that at least 6,000 users accounts had been compromised, leading to the withdrawal of an undisclosed amount of funds.

YOU MIGHT ALSO LIKE Insider threat: Tech firm was hacked and extorted by its own employee, says FBI