[TheRecord] BitMart loses $150 million in the second-largest crypto-heist of the year

Cryptocurrency exchange BitMart said on Saturday that it was hacked for $150 million in what was the third hack of a cryptocurrency exchange of last week and the second-largest crypto-heist of the year.

The hack took place on Saturday morning, according to a statement released by the company and tweets from its CEO.

“We have identified a large-scale security breach related to one of our ETH hot wallets and one of our BSC hot wallets,” said BitMart founder and CEO Sheldon Xia on Twitter over the weekend.

Hot wallets are special wallets where exchange portals place a small portion of their funds to provide liquidity for their current stream of transactions.

On Monday, Xia said that the hackers appear to have gained access to the two private keys that the company was using to manage these wallets and approve operations.

How the hackers gained access to these keys remains unknown, but a compromise of an employee account is currently the main suspect.

On Twitter, Xia has also promised to cover the hack’s losses via the company’s funds, meaning users won’t lose any of their personal assets following the incident.

2/4 BitMart will use our own funding to cover the incident and compensate affected users. We are also talking to multiple project teams to confirm the most reasonable solutions such as token swaps. No user assets will be harmed.

— Sheldon Xia (@sheldonbitmart) December 6, 2021

Withdrawals are still frozen on the platform while the BitMart security team is finishing up its investigation, which Xia estimated would finish tomorrow, on December 7.

BitMart is currently ranked #113 on CoinMarketCap’s cryptocurrency exchange ranking, based on volume.

Even if blockchain security firm PeckShield estimated that the total lost assets in the BitMart hack would actually be estimated at $192 million, the company’s hack would rank as the second-largest crypto-heist of the year regardless.

PolyNetwork – $600 millionBitMart – $150 millionCream Finance – $130 million (October)Badger – $120 millionLiquid – $94 millionEasyFi – $81 millionbZx – $55 millionUranium Finance – $50 millionCream Finance – $37 million (February)Alpha Homora – $37 millionVee Finance – $35 millionMeerkat Finance – $31 millionMonoX Finance – $31 millionSpartan – $30 millionCream Finance – $29 million (August)pNetwork – $12 millionRari Capital – $11 million

The post BitMart loses $150 million in the second-largest crypto-heist of the year appeared first on The Record by Recorded Future.

Source: Read More (The Record by Recorded Future)

You might be interested in …

[ZDNet] SolarWinds attackers breached email of US prosecutors, says Department of Justice

All posts, ZDNet

Hackers – probably backed by Russia – had access to emails for over six months. Source: Read More (Latest topics for ZDNet in Security)

Read More

Daily NCSC-FI news followup 2019-08-10

iNSYNQ Ransom Attack Began With Phishing Email krebsonsecurity.com/2019/08/insynq-ransom-attack-began-with-phishing-email/ A ransomware outbreak that hit QuickBooks cloud hosting firm iNSYNQ in mid-July appears to have started with an email phishing attack that snared an employee working in sales for the company, KrebsOnSecurity has learned. It also looks like the intruders spent roughly ten days rooting around iNSYNQs […]

Read More

[SecurityWeek] Apple Patches Vulnerabilities That Earned Hackers $500,000 at Chinese Contest

All posts, Security Week

The iOS and macOS security updates released on Monday by Apple patch vulnerabilities that earned researchers more than $500,000 at a Chinese hacking contest earlier this year. read more Source: Read More (SecurityWeek RSS Feed)

Read More