Bitmart confirmed the hack in an official statement, branding it "a large-scale security breach" and saying that hackers withdrew about $150 million in assets – which is less than the estimate of Peckshield.
Following the hack, Bitmark said all withdrawals have been temporarily suspended until further notice and a thorough security review was underway.
The breach was noticed when Peckshield noted that one of Bitmark's addresses showed a steady outflow of tens of millions of dollars to an address, which Etherscan referred to as the "Bitmart Hacker."
Peckshield estimated that Bitmart lost around $100 million in various cryptocurrencies on the ethereum blockchain and another $96 million from coins on the binance smart chain. The hackers made off with a mix of more than 20 tokens, including binance coin, safemoon and shiba inu. (Related: South African brothers disappear with $3.6 billion worth of stolen bitcoin.)
Bitmart assured that the affected ethereum and binance smart chain hot wallets only make up a small percentage of the exchange assets and all other wallets are secured and unharmed.
People who choose to hold their own cryptocurrency can store it "hot, cold or some combination of the two." A hot wallet is connected to the internet and allows owners relatively easy access to their coins so that they can access and spend their crypto. The trade-off for convenience is potential exposure to bad actors.
Bitmart assured the victims it will use its own money to compensate victims of their losses and restore trading.
In an official statement on Monday, Dec. 6, Bitmart said it had completed initial security checks and identified the affected assets. The exchange said the security breach was mainly caused by a stolen private key, which affected two of its hot wallets.
Peckshield said what happened was a classic case of "transfer out, swap and wash." After transferring the funds out of Bitmart, hackers apparently used the decentralized exchange aggregator known as "1inch" to exchange the stolen tokens for ether. From there, the ether coins were deposited into a privacy mixer known as Tornado Cash, which makes the money harder to trace.
Rick Holland, chief information security officer at cyberthreat intelligence company Digital Shadows, said that cybercriminals often look to a mixing or tumbling service. Holland explained that these services allow users to combine illicit funds with clean crypto to essentially make a new type of cryptocurrency, at which point they turn to currency swaps. This will make it difficult for investigators to trace transactions to their ultimate destination.
According to CoinGecko Chief Executive Officer Bobby Ong, Bitmark's trading volume has gone down a lot since the hack. Bitmark offers a mix of spot transactions, leveraged futures trading, as well as lending and staking services. Ong's platform reports volumes provided to them by individual exchanges.
"Crypto exchange hacks are fairly common," said Ong. "Exchanges are a honeypot for hackers because of the high potential payoff for any successful exploit."
This latest breach comes amid a wave of recent hacks. Last week, crypto lender Celsius Network admitted to losing funds as a result of the $120 million hack of the decentralized finance platform BadgerDAO.
A hacker also stole $600 million worth of tokens from the cryptocurrency platform Poly Network. The hacker subsequently returned nearly all of the money.
Follow BitcoinCollapse.news for more news related to cryptocurrency.