QUADRIGA INITIATIVE
CRYPTO WATCHDOG & FRAUD RECOVERY PLATFORM
A COMMUNITY-BASED, NOT-FOR-PROFIT
$196 000 000 USD
DECEMBER 2021
CAYMAN ISLANDS
BITMART
DESCRIPTION OF EVENTS

"The most trusted cryptocurrency trading platform." "Our mission is to provide simple and secure crypto products and services. Whether you are an individual or an institution, we want to help you buy, sell, and store your cryptocurrency." "BitMart Exchange is a premier global digital asset trading platform in the cryptocurrency market with over 2 million users worldwide." "BitMart is a Cayman Islands-based centralized cryptocurrency exchange with offices in New York, China, Hong Kong, and Seoul. BitMart is rated 115 among crypto exchanges by Coinmarketcap.com, based on traffic, liquidity, trading volumes, and trust in the validity of stated trade volumes."
"Our vision is to bring cryptocurrency available to everyone everywhere, we believe, the decentralized digital currency will reshape the global economic fundamentally, such financial freedom would bring further economic innovation, efficiency, and equality to the world. But it won’t happen unless we build simple, and secure products for individuals and institutions around the world to discover and interact with this new frontier."
"Only less than 0.5% of our assets are stored in a hot wallet for daily operation in order to strengthen the protection of digital assets." "More than 99% of our funds are stored in offline cold wallets to prevent feature loss and funding from cold wallet requires multiple signatures from several high-level members."
"Global digital asset trading exchange BitMart has recently started a collaboration with Hacken, a leading cybersecurity consulting company, to strengthen BitMart’s security of trading cryptocurrencies for its users all around the world." "Hacken will support BitMart to ensure the platform remains secure by operating cybersecurity assessments to spot potential vulnerabilities and providing solutions accordingly. As for first steps, Hacken Team will perform penetration and DDOS resistance testing in order to confirm the safety of our users' funds. By applying Hacken's anti-fraud technology, BitMart can provide a hacker-resistant system for securing transactions on the blockchain."
“BitMart values cybersecurity of our exchange platform more than anything,” said Sheldon Xia, CEO at BitMart, “and Hacken’s zero-tolerance to scam and fraud in crypto aligns with our mission to protect our digital assets, personal data of our users from cybercriminals. We are excited to collaborate with Hacken to make the goal of establishing one of the safest cryptocurrency trading environments in the world come true.”
"A tweet from security analysis firm Peckshield first called attention to the alleged hack Saturday night. One of Bitmart’s addresses currently shows steady outflows of entire token balances, some worth tens of millions of dollars, to an address currently labeled by Etherscan as the “Bitmart Hacker”"
"PeckShield initially detected an unusually high number of outbound transfers about 7.30 p.m. UTC. It was discovered that starting at 4.30 p.m. EST, a number of tokens were transferred out of BitMart’s hot wallet. Large quantities of meme tokens, such as Shiba (SHIB), as well as half a million dollars in the stable coin USDC, were among the tokens."
"In a follow-up tweet, Peckshield estimated the losses to be $100 million in various cryptocurrencies on the Ethereum chain, and $96 million on Binance Smart Chain."
"Peck Shield Co., Ltd. said that money was stolen using “Very easy: transfer, replacement, and cleaning” technique."
"The hacker has been systematically using decentralized exchange aggregator 1inch to swap the stolen assets for the cryptocurrency ether (ETH), and using a secondary address to deposit the ETH into privacy mixer Tornado Cash thus making the hacked funds harder to track."
"In an official Telegram channel, Bitmart representatives initially claimed that the outflows were routine withdrawals, referring to the reports of the hack as “fake news.”"
"On December 4, 2021, at approximately 6:30 pm EST, BitMart identified a security breach related to two of its hot wallets. Within moments, a security response was activated, with multiple systems shut down procedurally to prevent additional losses, including account withdrawals and the trading of certain pairs."
"Hours later, however, Bitmart CEO Sheldon Xia confirmed that the outflows were indeed a hack resulting from a “security breach.”" "With this single private key, the hackers were able to steal a total of about $196 million worth of cryptocurrencies from the two wallets." "Blockchain security firm Peckshield — which spotted and tweeted out a warning of the leak about an hour and a half before BitMart CEO Sheldon Xia announced it."
"We have identified a large-scale security breach related to one of our ETH hot wallets and one of our BSC hot wallets. At this moment we are still concluding the possible methods used. The hackers were able to withdraw assets of the value of approximately USD 150 millions." "[T]he company’s internal analysis says that the funds came from just two hot wallets (those that are connected to the internet). The wallets were apparently breached via the theft of a private key."
"In concert with leading firms worldwide, a comprehensive security review and investigation was enacted and remains ongoing. Findings thus far indicate that the breach affected two hot wallets: one BSC wallet and one ETH wallet. Based on initial investigation, it appears that approximately $200 million in digital assets were removed by a malicious actor who had gained access to critical private keys."
"The affected ETH hot wallet and BSC hot wallet carries a small percentage of assets on BitMart and all of our other wallets are secure and unharmed. We are now conducting a thorough security review and we will post updates as we progress."
"At this moment we are temporarily suspending withdrawals until further notice. We beg for your kind understanding and patience in this situation. Thank you very much."
"In response to this incident, BitMart has completed initial security checks and identified affected assets. This security breach was mainly caused by a stolen private key that had two of our hot wallets compromised. Other assets with BitMart are safe and unharmed."
"In addition to these new measures, our internal security teams have continued their round-the-clock efforts to investigate the cause of the breach, and to identify those responsible. We are also working with cybersecurity specialists to bolster our ongoing efforts to track the hackers and to strengthen our defenses against any future attack."
"We have been in contact with law enforcement agencies and are working in collaboration with other cryptocurrency platforms, as they share our goal of mitigating the risk of attack from nefarious activities. Though we may have been the most recent victim of a large-scale attack, we are not alone in facing these threats. We are working with our ecosystem partners to put every available resource toward thwarting future unlawful actions against cryptocurrency holders, platforms and our communities."
"BitMart will use our own funding to cover the incident and compensate affected users. We are also talking to multiple project teams to confirm the most reasonable solutions such as token swaps. No user assets will be harmed."
"We are now doing our best to retrieve security set-ups and our operation. We need time to make proper arrangements and your kind understanding during this period will be highly appreciated."
"In terms of asset deposit and withdrawals, we are confident that deposit and withdrawal functions will gradually begin in December 7, 2021. The detailed timelines will be announced very soon. Thank you."
"Our CEO @sheldonbitmart will conduct an AMA at 8PM EST Dec 6 on Telegram to share more info regarding the security breach, compensation arrangement, and how we plan to resume operation. We will strive to maintain transparency and your support to BitMart is highly appreciated."
"The deposit and withdrawal function of all tokens will be resumed step by step, along with the recovery progress of security testing and public chain development. No worries, we are marching forward, security will be always the first priority."
"As part of our security upgrade, BitMart will be replacing all deposit addresses including BTC, ETH, SOL, and all other tokens. Please verify the deposit addresses with BitMart before initiating any deposits. Tokens may not be retrievable if they are mistakenly deposited into the wrong addresses. BitMart is not responsible for faulty deposits."
"As of now, we have resumed deposit and withdrawal for the mainnets below: Avalanche, Binance Chain, Bitcoin, Casper Network, Chia, Ethereum, Harmony, HecoFi, IoTeX, Internet Computer, Kusama, NEAR Protocol, PlatOn Network, Polkadot, Polygon, Solana, Stellar, Tether, Tron, VeChain."
"Thanks to the support of Alexander Capital Ventures, Alpha Square Group, and Chaos Ventures, We will continue to improve user experience and create value for the industry. We'd also like to thank all our BitMart community members and BMX holders." "We are grateful that our community of users, partners, friends, and project teams have continued to trust and stand with us during this time."
BitMart is one of the largest cryptocurrency exchange platforms in the world. On December 4th, two of its hot wallets were breached and $196m worth of various assets were rapidly withdrawn. After the initial confusion, the company started its investigation. Limited information has been revealed publicly; however, the company has stated it will fully compensate all affected users.
HOW COULD THIS HAVE BEEN PREVENTED?
It's unclear whether BitMart needed to hold such a large volume of funds in its hot wallets, or exactly how the private key was compromised. An obvious way to reduce the damage would be to limit the funds in the hot wallet, and there are many steps platforms can take to reduce risks. Setting aside specific funds for self-insurance or forming an industry insurance fund would provide greater certainty for platform users in similar future events.
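One such step is a withdrawal circuit breaker that watches hot-wallet outflows for the pattern reported above: entire token balances leaving for a single address in a short period. The sketch below is an added example, not code from BitMart or from this page; the class and function names, the thresholds and the sample transfers are all assumptions constructed for illustration.

```python
from collections import deque
from dataclasses import dataclass

@dataclass
class Transfer:                      # one outbound hot-wallet transfer
    ts: int                          # seconds since start of log
    token: str
    usd: float                       # value moved
    balance_usd: float               # wallet's balance of this token before the transfer
    dest: str

class OutflowBreaker:
    """Halts withdrawals on excessive windowed outflow or repeated balance drains."""
    def __init__(self, window_s=3600, cap_usd=5_000_000, drain_frac=0.9, max_drains=3):
        self.window_s, self.cap_usd = window_s, cap_usd
        self.drain_frac, self.max_drains = drain_frac, max_drains
        self.recent, self.tripped = deque(), None

    def observe(self, t):
        if self.tripped:
            return self.tripped      # stay halted until a human resets
        self.recent.append(t)
        while self.recent[0].ts <= t.ts - self.window_s:
            self.recent.popleft()    # forget transfers older than the window
        total = sum(x.usd for x in self.recent)
        drained = {}                 # dest -> tokens almost fully emptied to it
        for x in self.recent:
            if x.balance_usd > 0 and x.usd >= self.drain_frac * x.balance_usd:
                drained.setdefault(x.dest, set()).add(x.token)
        if total > self.cap_usd:
            self.tripped = f"cap: ${total:,.0f} left in window"
        elif any(len(v) >= self.max_drains for v in drained.values()):
            self.tripped = "drain: several token balances emptied to one address"
        return self.tripped

def first_trip(transfers, **policy):
    """Return (index, reason) of the transfer that trips the breaker, else None."""
    breaker = OutflowBreaker(**policy)
    for i, t in enumerate(transfers):
        reason = breaker.observe(t)
        if reason:
            return i, reason
    return None

# Constructed sample data (not from the incident): routine withdrawals, then a sweep.
ROUTINE = [Transfer(0, "USDC", 1_200, 500_000, "0xuser1"),
           Transfer(600, "ETH", 8_000, 2_000_000, "0xuser2"),
           Transfer(1500, "SHIB", 300, 900_000, "0xuser3")]
SWEEP = ROUTINE + [Transfer(2000, "SHIB", 899_700, 899_700, "0xsweep"),
                   Transfer(2060, "USDC", 498_800, 498_800, "0xsweep"),
                   Transfer(2120, "ETH", 1_992_000, 1_992_000, "0xsweep")]
```

The drain rule fires on the sweep even though its total stays under the dollar cap, which is why the two rules are kept separate; a breaker like this limits how much a stolen key can move before a human reviews the outflow, but does not replace keeping the hot-wallet balance itself small.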
