{"id":54107,"date":"2021-12-05T10:10:12","date_gmt":"2021-12-05T08:10:12","guid":{"rendered":"https:\/\/forklog.com\/en\/?p=54107"},"modified":"2025-09-03T18:38:01","modified_gmt":"2025-09-03T15:38:01","slug":"hackers-siphoned-more-than-150-million-from-bitmart-hot-wallets","status":"publish","type":"post","link":"https:\/\/u1f987.com\/en\/hackers-siphoned-more-than-150-million-from-bitmart-hot-wallets\/","title":{"rendered":"Hackers siphoned more than $150 million from BitMart hot wallets"},"content":{"rendered":"<p>BitMart, a Cayman Islands-registered cryptocurrency exchange, said its hot wallets for Ethereum and Binance Smart Chain (BSC) were breached. Hackers withdrew more than $150 million from the platform.<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">We have identified a large-scale security breach, and we are now conducting a thorough security review &#038; we\u2019ll strive to maintain transparency. All withdrawals are temporarily suspended until further notice.<\/p>\n<p>We appreciate your understanding and patience.<a href=\"https:\/\/t.co\/WdipLLOvY9\">https:\/\/t.co\/WdipLLOvY9<\/a> <a href=\"https:\/\/t.co\/XFlY4RyWSe\">pic.twitter.com\/XFlY4RyWSe<\/a><\/p>\n<p>\u2014 BitMart.Exchange (@BitMartExchange) <a href=\"https:\/\/twitter.com\/BitMartExchange\/status\/1467350568481878016?ref_src=twsrc%5Etfw\">December 5, 2021<\/a><\/p><\/blockquote>\n<p> <script async=\"\" src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>PeckShield was among the first to spot the attack. During the night of December 4\u20135, they flagged a series of suspicious transactions on the Ethereum network from the platform. These transfers included tokens such as Gala (GALA), The Sandbox (SAND), Decentraland (MANA), Shiba Inu (SHIB), as well as $500 000 in the stablecoin USD Coin (USDC).<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">hot wallet compromised? <a href=\"https:\/\/twitter.com\/BitMartExchange?ref_src=twsrc%5Etfw\">@BitMartExchange<\/a> <a href=\"https:\/\/t.co\/pfb7215pBO\">https:\/\/t.co\/pfb7215pBO<\/a> <a href=\"https:\/\/t.co\/v2C1KYtaqd\">pic.twitter.com\/v2C1KYtaqd<\/a><\/p>\n<p>\u2014 PeckShield Inc. (@peckshield) <a href=\"https:\/\/twitter.com\/peckshield\/status\/1467289808045494276?ref_src=twsrc%5Etfw\">December 5, 2021<\/a><\/p><\/blockquote>\n<p> <script async=\"\" src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>Subsequently, data emerged about the breach of the BSC wallet. PeckShield estimates that hackers withdrew about $200 million from the platform \u2014 around $100 million in <a href=\"https:\/\/u1f987.com\/en\/news\/what-are-erc-20-tokens\">ERC-20<\/a> tokens, and about $96 million in BEP-2 and BEP-20 tokens. A similar damage assessment was provided by RugDoc.<\/p>\n<p>The BitMart administration initially denied the breach. In the platform&#8217;s Telegram channel, users were assured that their funds were safe, and reports of a security issue were described as &#8216;fake&#8217;.<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">Interesting from <a href=\"https:\/\/twitter.com\/BitMartExchange?ref_src=twsrc%5Etfw\">@BitMartExchange<\/a> \u2026\ud83d\ude33\ud83d\ude33\ud83d\ude33 \ud83d\ude4f\ud83d\ude4f\ud83d\ude4f <a href=\"https:\/\/t.co\/dFrzSww0fs\">https:\/\/t.co\/dFrzSww0fs<\/a> <a href=\"https:\/\/t.co\/GuDB7bt2eC\">pic.twitter.com\/GuDB7bt2eC<\/a><\/p>\n<p>\u2014 PeckShield Inc. (@peckshield) <a href=\"https:\/\/twitter.com\/peckshield\/status\/1467316799977193476?ref_src=twsrc%5Etfw\">December 5, 2021<\/a><\/p><\/blockquote>\n<p> <script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>A few hours later, founder and CEO Sheldon Xia confirmed that the exchange&#8217;s wallets had been hacked. He said the damage from the attackers&#8217; actions amounted to $150 million.<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">1\/3 We have identified a large-scale security breach related to one of our ETH hot wallets and one of our BSC hot wallets. At this moment we are still concluding the possible methods used. The hackers were able to withdraw assets of the value of approximately USD 150 millions.<\/p>\n<p>\u2014 Sheldon Xia (@sheldonbitmart) <a href=\"https:\/\/twitter.com\/sheldonbitmart\/status\/1467316252855226368?ref_src=twsrc%5Etfw\">December 5, 2021<\/a><\/p><\/blockquote>\n<p> <script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p>\u00abWe have identified a large-scale security breach related to one of our ETH hot wallets and one hot BSC wallet. We are still determining the possible vector of attack. Hackers were able to withdraw assets worth approximately $150 million\u00bb, \u2014 wrote he.<\/p>\n<\/blockquote>\n<p>Xia said that the compromised wallets held a &#8216;negligible&#8217; percentage of BitMart&#8217;s assets. The company is investigating the incident, and withdrawals from the platform were blocked during the investigation.<\/p>\n<div class=\"wp-block-text-wrappers-update-2 article_update\"><time class=\"gtb_text-wrappers_update_time\">6 December 2021 | 12:12<\/time><span class=\"gtb_text-wrappers_update_head\">Update: <\/span><\/p>\n<p>Xia clarified that the breach occurred as a result of the theft of a private key, with which two hot wallets were compromised. Other assets on the platform were not affected.<\/p>\n<p>He also promised that the exchange would compensate affected users out of its own funds.<\/p>\n<p>According to him, the deposits and withdrawals feature would be gradually enabled starting 7 December.<\/p>\n<blockquote class=\"twitter-tweet\" data-lang=\"en\">\n<p lang=\"en\" dir=\"ltr\">1\/4 In response to this incident, BitMart has completed initial security checks and identified affected assets. This security breach was mainly caused by a stolen private key that had two of our hot wallets compromised. Other assets with BitMart are safe and unharmed.<\/p>\n<p>\u2014 Sheldon Xia (@sheldonbitmart) <a href=\"https:\/\/twitter.com\/sheldonbitmart\/status\/1467722437735428098?ref_src=twsrc%5Etfw\">December 6, 2021<\/a><\/p><\/blockquote>\n<p> <script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script>\n<\/div>\n<p>Hackers systematically used the 1inch aggregator to swap stolen tokens for ETH. They then moved the cryptocurrency to an intermediate address, from which they sent funds to the Ethereum mixer Tornado Cash.<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">Pretty straightforward: transfer-out, swap, and wash <a href=\"https:\/\/twitter.com\/sheldonbitmart?ref_src=twsrc%5Etfw\">@sheldonbitmart<\/a> <a href=\"https:\/\/t.co\/LyA03sbgCZ\">pic.twitter.com\/LyA03sbgCZ<\/a><\/p>\n<p>\u2014 PeckShield Inc. (@peckshield) <a href=\"https:\/\/twitter.com\/peckshield\/status\/1467318513971118083?ref_src=twsrc%5Etfw\">December 5, 2021<\/a><\/p><\/blockquote>\n<p> <script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>Earlier in August 2021, hackers <a href=\"https:\/\/u1f987.com\/en\/news\/hacker-breach-hits-bilaxy-hot-wallets-exchange-cautions-users-to-refrain-from-deposits\">breached Bilaxy&#8217;s hot wallets<\/a>.<\/p>\n<p>In the same month, attackers <a href=\"https:\/\/u1f987.com\/en\/news\/liquid-bitcoin-exchange-hacked-for-80-million\">pulled out more than $80 million in cryptocurrency<\/a> from the Liquid platform.<\/p>\n<p>Read ForkLog&#8217;s bitcoin news on our <a href=\"\/\/telegram.me\/forklog\" target=\"\u201c_blank\u201d\" rel=\"\u201cnofollow\u201d noopener\">Telegram<\/a> \u2014 news, prices and analytics.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>BitMart, a Cayman Islands-registered cryptocurrency exchange, said its Ethereum and Binance Smart Chain hot wallets were breached. Hackers withdrew more than $150 million from the platform.<\/p>\n","protected":false},"author":1,"featured_media":54108,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"select":"1","news_style_id":"1","cryptorium_level":"","_short_excerpt_text":"","creation_source":"","_metatest_mainpost_news_update":false,"footnotes":""},"categories":[3],"tags":[1166,1154],"class_list":["post-54107","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news-and-analysis","tag-centralized-exchanges-cex","tag-crimes"],"aioseo_notices":[],"amp_enabled":true,"views":"24","promo_type":"1","layout_type":"1","short_excerpt":"","is_update":"","_links":{"self":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts\/54107","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/comments?post=54107"}],"version-history":[{"count":1,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts\/54107\/revisions"}],"predecessor-version":[{"id":54109,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts\/54107\/revisions\/54109"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/media\/54108"}],"wp:attachment":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/media?parent=54107"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/categories?post=54107"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/tags?post=54107"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}