BitMart Exchange Suffers $196 Million Security Breach

December 4, 2021

Summary #

On December 4, 2021, BitMart Exchange, a global cryptocurrency platform operating in 180+ countries, fell victim to a significant security breach. The attacker extracted approximately $196 million worth of various digital assets from the hot wallets of the exchange across two networks: Binance Smart Chain (BSC) - $96 million, and Ethereum - $100 million. The primary targets were meme-based tokens, such as SHIB and SAFEMOON. The attacker converted the stolen tokens into ETH and BNB via 1inch and laundered these assets using TornadoCash.

Attackers #

The identity of the attacker remains unknown. The hacker used the following addresses to transfer the funds:

Losses #

BitMart Exchange lost around $196 million in total from its hot wallets across Ethereum and Binance Smart Chain:

The stolen assets mainly consisted of memecoins like SHIB and SAFEMOON.

Timeline #

December 4, 2021, 21:31 UTC: The attack commenced on the Ethereum network. The attacker started by withdrawing ~$33M worth of SHIB tokens
December 4, 2021, 22:00 UTC: The attacker moved to BSC and withdrew ~$41M worth of SAFEMOON tokens
December 5, 2021, 03:01 UTC: The hacker transferred the stolen funds to TornadoCash

Security Failure Causes #

Compromised Private Key: Although the BitMart Exchange has not officially disclosed the cause of their recent security issues, it is highly probable that the private key of the hot wallets was compromised.

Market Health Metrics API

Benford's Law

Volume distribution analysis

Time-of-Trade

Buy/Sell Ratio

VWAP

Attack Types

Entity Types

Target Entities

51% Attacks

Custodian Attacks

Flash Loan Attacks

Lockout Scams

Phishing Attacks

Reentrancy Attacks

Rug Pull Scam