AscendEX Hack: $77 Million Stolen in Hot Wallet Breach
Summary #
On December 11, 2021, AscendEX, a cryptocurrency exchange, was the victim of a hot wallet breach that resulted in the loss of $77 million. The attacker gained access to one of the exchange’s hot wallets, used to store user funds available for withdrawal.
Attackers #
The identity of the attacker(s) remains unknown.
Wallet addresses to which assets were transferred:
- ERC20: 0x2c6900b24221de2b4a45c8c89482fff96ffb7e55
- Polygon: 0x2c6900b24221de2b4a45c8c89482fff96ffb7e55
- BSC: 0x2c6900b24221de2b4a45c8c89482fff96ffb7e55
- LTC: LSvQWLf2kGm7UdXtwKvNj4GU1B4xKWUQXR
- BCH: qp2x5rnn2fkraxcp4hr6suqmnpdehfaaaqn3tv6jke
Losses #
The attackers managed to steal approximately $77 million worth of assets from the AscendEX network. This included USDT, BNB, MATIC, and other tokens.
Timeline #
- December 11, 2021: The attackers gain access to the wallet and withdraw a total of $77 million worth of assets.
- December 12, 2021, 04:28 AM +UTC: The AscendEX team announced on Twitter that tokens were transferred from their hot wallet
- December 13, 2021, 07:06 PM +UTC: The AscendEX team said it had temporarily suspended deposits and withdrawals.
- December 16, 2021, 01:45 AM +UTC: The AscendEX team announced the resumption of deposit and withdrawal services.
- December 16, 2021, 01:45 AM +UTC: The AscendEX team announced that they have reimbursed users for 100% of the losses incurred.
Security Failure Causes #
The AscendEX team has not released any specific details about the security failures that led to the hack. Several possible reasons:
- Insider Threat: The incident could have been masterminded by a member of the exchange’s staff who had the requisite access privileges.
- Web Infrastructure Breach: The perpetrator may have gained unauthorized access to the exchange’s hot wallet services by taking advantage of security weaknesses in its web infrastructure.
- Social Engineering Assault: The attackers might have employed a combination of phishing strategies, exploits, malware, and clandestine entry methods to deceive employees into compromising their private keys.