The latest centralized exchange hack may be among the most devastating to date as BitMart has lost $196 million in various cryptocurrencies.
A tweet from security analysis firm PeckShield first called attention to the alleged hack Saturday night. One of BitMart’s addresses currently shows steady outflows of entire token balances, some worth tens of millions of dollars, to an address currently labeled by Etherscan as the “BitMart Hacker.”
In a follow-up tweet, PeckShield estimated the losses to be $100 million in various cryptocurrencies on the Ethereum blockchain and $96 million on Binance Smart Chain.
The hacker has been systematically using decentralized exchange (DEX) aggregator 1inch to swap the stolen assets for the cryptocurrency ether (ETH), and using a secondary address to deposit the ETH into privacy mixer Tornado Cash thus making the hacked funds harder to track.
In an official Telegram channel, BitMart representatives initially claimed that the outflows were routine withdrawals, referring to the reports of the hack as “fake news.”
— PeckShield Inc. (@peckshield) December 5, 2021
Hours later, however, BitMart CEO Sheldon Xia confirmed that the outflows were indeed a hack resulting from a “security breach.”
1/3 We have identified a large-scale security breach related to one of our ETH hot wallets and one of our BSC hot wallets. At this moment we are still concluding the possible methods used. The hackers were able to withdraw assets of the value of approximately USD 150 millions.
— Sheldon Xia (@sheldonbitmart) December 5, 2021
The $196 million in losses makes this one of the most devastating centralized exchange hacks to date.
This is a developing story and will be updated.