BitMart CEO admits $196 million hack was the result of leaked private keys
The exchange is conducting a review of the incident and hopes normal service can be resumed on Tuesday.
BitMart CEO Sheldon Xia admits Sunday’s hack resulted from stolen private keys. Xia said the stolen funds came from two compromised hot wallets but sought to reassure users all other operations are “safe and unharmed.”
“In response to this incident, BitMart has completed initial security checks and identified affected assets. This security breach was mainly caused by a stolen private key that had two of our hot wallets compromised. Other assets with BitMart are safe and unharmed.”
Hot wallets refer to cryptocurrency wallets that are accessible online. In comparison, cold wallets are not connected to the internet and are considered more secure due to the lack of online access.
Exchanges typically employ a mixture of both types to cater to different parts of their operations, with hot wallets acting as a liquidity source to facilitate user withdrawal requests.
Even though Xia said BitMart will compensate user losses, the incident once again highlights the dangers of leaving funds on an exchange.
Cybercriminals attack BitMart in $196 million hack
An official BitMart statement said the “large scale security breach” affected their $ETH and $BSC hot wallets, with hackers able to withdraw approximately $150 million in funds. But data analytics firm PeckShield estimates losses are likely closer to $200 million.
PeckShield’s analysis of the affected wallets shows around $100 million was drained from the $ETH wallet, and approximately $96 million came from the $BSC wallet.
“The hackers made off with a mix of more than 20 tokens, including binance coin, safemoon, and shiba inu.”
Stolen funds were sent to DEXes, including 1inch, and exchanged for Ether. The hackers then sent the swapped funds to crypto tumblers to “launder” or mix the tokens, making the trail harder to follow.
Despite the discrepancy in numbers, the exchange said they are in the process of conducting a thorough security review, with updates to come as more is known. They add that withdrawals are temporarily suspended and ask for patience during this challenging period.
Xia gives deadline for return of normal service
In addition to BitMart’s ongoing security investigation, Xia said his team is also working on restoring normal operations. Once again, he called for patience during this time.
“We are now doing our best to retrieve security set-ups and our operation. We need time to make proper arrangements and your kind understanding during this period will be highly appreciated.”
Xia gave December 7 as a soft deadline for returning normal deposit and withdrawal services, with updates on this depending on how the situation is progressing.