According to a security firm Peckshield which spoke on Saturday, $196 million has been stolen from crypto trading platform Bitmart. The crypto trading platform has released an official statement confirming that indeed $196 million has been stolen from its platform by hackers. Bitmart called the attack “a large-scale security breach” saying that $150 million in crypto assets was withdrawn from its platform. In its statement, Bitmart announced that all withdrawals have been suspended on a temporary basis until further notice adding that the occurrence was going to go through security investigations.
According to blockchain security and data analytics firm Peckshield, the loss is closer to $200 million. The security and data analytics firm was the first to observe a steady outflow from one of Bitmart’s addresses. The company said that it noticed outflows of tens of millions of dollars from one of Bitmart’s addresses to an address which Etherscan referred to as “Bitmart Hacker”.
According to Peckshield’s estimates, Bitmart lost about $100 million worth of various cryptocurrencies on the ethereum blockchain and another $96 million from cryptocurrencies on the Binance smart chain. The firm added that the hacker(s) stole more than 20 different tokens including Shiba Inu, Safemoon, Binance coin, etc.
This recent attack reminds us of the Poly Network attack in August. In what was concluded as one of the biggest cryptocurrency thefts, over $600 million was stolen from Poly Network by Hackers. The attack on the network was disclosed via Twitter. “The amount of money you hacked is the biggest in DeFi history”, one of Poly Network’s tweets read. The hacker(s) who stole the asset exploited a vulnerability in Poly Network, and the company urged the hacker(s) to return the stolen assets. According to researchers at security company SlowMist, immediately the assets were stolen, the hacker(s) sent them to three different addresses. The researchers also revealed that a total of $610 million was stolen from Poly Network. The funds were, however, returned and the hacker who seemed to be showing off his skills was rewarded with a $500,000 bug bounty reward.
Bitmart announced that other wallets apart from the affected ethereum and Binance smart chain “hot wallet” were unharmed and secured. It also mentioned that these wallets (ethereum and Binance smart chain wallets) held only a “small percentage” of all its assets, which sounded like it was trying to calm its users down…
It still remains a mystery the possible methods the hacker(s) used to steal the funds but Peckshield calls it a classic case of “transfer-out, swap, and wash”. According to Peckshield, after stealing the fund from Bitmart, the hacker(s) used decentralized exchange aggregator “1inch” to exchange the stolen token for ether, after which the fund was deposited into a privacy mixer called Tornado Cash which makes it very hard to trace.
Unlike the Poly Network attack, it doesn’t seem like the hacker(s) wants to show off his skills nor plans to return the stolen loot and it is still unclear how Bitmart plans to recover the funds.