In what’s termed as the largest centralized exchange hack, BitMart lost nearly $200 million worth of cryptocurrencies due to a security breach.
This was initially reported by a security firm and later confirmed by BitMart’s CEO on Twitter. While they’re still investigating the attack source, the funds were seen constantly flowing to the hacker’s wallet, and then to a privacy mixer for laundering.
Security Breach at BitMart
Decentralization is one of the core concepts of blockchain and an attractive feature that’s drawing people to this new technology. But, we still centralized organizations like cryptocurrency exchanges operating in the old fashion, becoming a single point failure if vulnerable.
Also Read- BadgerDAO Hack: Cryptocurrencies Worth Over $120 Million Stolen
Centralized exchanges, if not properly secured, are targeted by hackers for storing funds in their hot wallets. Any bug in their operational flow or exchange platform can lead to a leak of customers’ funds, as we had seen in the past. Now, a fresh case involving BitMart came to light.
On Saturday night, the centralized exchange BitMart was subjected to a security breach, resulting in cryptocurrencies worth $196 million being stolen from its hot wallets! This was first reported by Peckshield, a security firm that estimated the losses to be $96 million on Binance Smart Chain and $100 million on the Ethereum chain.
Interesting from @BitMartExchange …😳😳😳 🙏🙏🙏 https://t.co/dFrzSww0fs pic.twitter.com/GuDB7bt2eC
— PeckShield Inc. (@peckshield) December 5, 2021
As seen on EtherScan, the hot wallet of BitMart has been constantly leaking the funds to an external wallet named “Bitmart Hacker“. The hacker was seen using decentralized exchange aggregator 1inch to swap the stolen cryptocurrencies, and send them to Tornado Cash, a privacy mixer through a secondary address for laundering them.
This mixing process makes the tracking of stolen funds harder. Though BitMart officials denied any leak initially, the platform’s CEO Sheldon Xia confirmed the incident as a “security breach,” and the outflow of funds.