A security firm announced Saturday that hackers have stolen $196 million from Bitmart’s crypto trading platform.
Bitmart released an official statement Saturday night confirming the hack, calling it a “large-scale security breach” as well as writing that hackers took about $150 million worth of assets. PeckShield, a blockchain security and data analytics company, estimates that the loss amounts to closer to $200 million.
Bitmart stated that withdrawals were temporarily suspended while they were reviewed.
PeckShield, who noticed the breach Saturday morning, noted that Bitmart’s address showed a steady flow of tens of millions of dollars to an address Etherscan called the “Bitmart hacker.”
PeckShield estimates that Bitmart lost approximately $100 million in cryptocurrencies on ethereum and $96 million in coins on the Binance smart chain. The hackers stole more than 20 tokens including safemoon, binance coin and shiba Inu.
Bitmart claims that the “hot wallets” for the affected binance smart chain and ethereum only had a “small portion” of the exchanges assets. The statement continued to state that all other wallets are “secured and unharmed.”
Individuals who want to store their own cryptocurrency can keep it either “hot” or “cold”, or a combination of both. Hot wallets are connected to the Internet, and allow owners to have relatively easy access to their cryptocurrency so they can access it and spend it. Convenience is traded for the possibility of being exposed to bad actors.
According to CoinGecko data, Bitmart offers spot transactions, leveraged futures trading and lending, along with staking services.
Bitmart claims that it’s not clear what hacker methods were used. However, PeckShield says what happened following the breach was quite straightforward. According to the security company, it was a classic example of “transfer out, swap, then wash.”
Hackers used Bitmart’s decentralized exchange aggregator, known as “1inch”, to exchange the stolen tokens in ether. The ether coins were then deposited in Tornado Cash, a privacy mixer that makes it harder to track the money.
According to Rick Holland (chief information security officer at Digital Shadows), a cyberthreat intelligence company, cybercriminals often turn to mixing or tumbling services. Holland explained that these services allow users combine illicit funds and clean crypto to create a new type cryptocurrency. Then they can turn to currency swaps.
Even though blockchain is publicly available, investigators still have to find the transactions that led to them.
This latest breach is part of a recent wave of hacks.
Crypto lender Celsius Network admitted last week that it had lost funds due to the $120 million hack by BadgerDAO, a decentralized finance platform.
In August, a hacker took more than $600,000,000 worth of tokens from cryptocurrency platform Poly Network. Strangely, the attacker returned almost all of the money.