BitMart Exchange Suffers $196 Million Security Breach
Summary #
On December 4, 2021, BitMart Exchange, a global cryptocurrency platform operating in 180+ countries, fell victim to a significant security breach. The attacker extracted approximately $196 million worth of various digital assets from the hot wallets of the exchange across two networks: Binance Smart Chain (BSC) - $96 million, and Ethereum - $100 million. The primary targets were meme-based tokens, such as SHIB and SAFEMOON. The attacker converted the stolen tokens into ETH and BNB via 1inch and laundered these assets using TornadoCash.
Attackers #
The identity of the attacker remains unknown. The hacker used the following addresses to transfer the funds:
- Ethereum:
- BSC:
Losses #
BitMart Exchange lost around $196 million in total from its hot wallets across Ethereum and Binance Smart Chain:
The stolen assets mainly consisted of memecoins like SHIB and SAFEMOON.
Timeline #
- December 4, 2021, 21:31 UTC: The attack commenced on the Ethereum network. The attacker started by withdrawing ~$33M worth of SHIB tokens
- December 4, 2021, 22:00 UTC: The attacker moved to BSC and withdrew ~$41M worth of SAFEMOON tokens
- December 5, 2021, 03:01 UTC: The hacker transferred the stolen funds to TornadoCash
Security Failure Causes #
Compromised Private Key: Although the BitMart Exchange has not officially disclosed the cause of their recent security issues, it is highly probable that the private key of the hot wallets was compromised.