The CEO of Bitmart, a cryptocurrency exchange, said that stolen private keys were behind the $196 million ($275 million AUD) hack.
Crypto exchange hack: Take #47
Yet another crypto exchange fell victim to a hack in early December. No, not Cream Finance, not Poly Network; we don’t mean the Bitconnect hack either. Don’t worry if you feel like you cannot keep track of all the hacks: this one is none of the already-known victims. This month’s dubious honour goes to Bitmart, a crypto exchange that was exploited for a hefty $275 million AUD in various coins.
PeckShield, a security analysis firm, first tweeted about the hack on December 5 and drew attention to one of Bitmart’s hacked addresses. PeckShield later clarified that Bitmart was drained of roughly $200 million in total across Ethereum and Binance Smart Chain.
Total estimated loss: ~200M (~100M on @ethereum and ~96M on @BinanceChain ). (Previously we only counted the loss on @ethereum). And here is the list of affected assets/amounts on @BinanceChain pic.twitter.com/cXXApDFtd7
— PeckShield Inc. (@peckshield) December 5, 2021
The hacker converted the stolen funds to Ethereum on 1inch, a decentralised exchange, and later put them through Tornado Cash, a privacy mixer that makes the provenance of cryptocurrencies harder to track.
While Bitmart initially claimed that the outgoing funds were regular deposits, it later had to backtrack on this statement. Shortly after denying the hack, CEO Sheldon Xia clarified that there had indeed been a “security breach” of the company’s hot wallets. He later also confirmed that a stolen private key was the cause of the hack and announced that Bitmart would compensate users out of company funds.
1/3 We have identified a large-scale security breach related to one of our ETH hot wallets and one of our BSC hot wallets. At this moment we are still concluding the possible methods used. The hackers were able to withdraw assets of the value of approximately USD 150 millions.
— Sheldon Xia (@sheldonbitmart) December 5, 2021
Will security leaks in crypto ever stop?
This marks one of the biggest hacks of a centralised crypto exchange in history. True, decentralised finance is the target of malicious actors most of the time, as the space is still mostly a live experiment in developing a possibly fairer and more transparent financial system, which lacks most of the safeguards of traditional financial institutions. But while it is certainly not on the scale of the Mt. Gox hack – the infamous Tokyo-based crypto exchange was drained in 2013 of bitcoin now worth billions of dollars – Bitmart still stands out as the biggest centralised exchange hack in 2021.
That begs the question: when will it ever stop?
Ask crypto critics, and they will tell you that hacks are just part and parcel of cryptocurrencies, which is exactly why regulation is needed or, in the worst of cases, why it is better to do away with crypto altogether. And there is some truth to that argument. The crypto space is still sorely lacking suitable security measures that are easy for users to understand and hard for wrongdoers to exploit.
However, it would be wrong to lump together all of crypto and label the space a hotbed for cybercrime. Centralised exchanges can and will get better security measures to prevent exploits such as the Bitmart hack. Still, decentralised finance will have to experiment if true innovation is to be achieved. Policymakers should keep this in mind when they are faced with the next cryptocurrency hack headline.