AscendEX Hack: $77 Million Stolen in Hot Wallet Breach
Summary
On December 11, 2021, AscendEX, a cryptocurrency exchange, was the victim of a hot wallet breach that resulted in the loss of $77 million. The attacker gained access to one of the exchange’s hot wallets, which was used to store user funds available for withdrawal.
Attackers
The identity of the attacker(s) remains unknown.
Wallet addresses to which assets were transferred:
- ERC20: 0x2c6900b24221de2b4a45c8c89482fff96ffb7e55
- Polygon: 0x2c6900b24221de2b4a45c8c89482fff96ffb7e55
- BSC: 0x2c6900b24221de2b4a45c8c89482fff96ffb7e55
- LTC: LSvQWLf2kGm7UdXtwKvNj4GU1B4xKWUQXR
- BCH: qp2x5rnn2fkraxcp4hr6suqmnpdehfaaaqn3tv6jke
Losses
The attackers managed to steal approximately $77 million worth of assets from the AscendEX network. This included USDT, BNB, MATIC, and other tokens.
Timeline
- December 11, 2021: The attackers gained access to the wallet and withdrew a total of $77 million worth of assets.
- December 12, 2021, 04:28 AM UTC: The AscendEX team announced on Twitter that tokens were transferred from their hot wallet.
- December 13, 2021, 07:06 PM UTC: The AscendEX team said it had temporarily suspended deposits and withdrawals.
- December 16, 2021, 01:45 AM UTC: The AscendEX team announced the resumption of deposit and withdrawal services.
- December 16, 2021, 01:45 AM UTC: The AscendEX team announced that they had reimbursed users for 100% of the losses incurred.
Security Failure Causes
The AscendEX team has not released any specific details about the security failures that led to the hack. Several causes are possible:
- Insider Threat: The incident could have been masterminded by a member of the exchange’s staff who had the requisite access privileges.
- Web Infrastructure Breach: The perpetrator may have gained unauthorized access to the exchange’s hot wallet services by taking advantage of security weaknesses in its web infrastructure.
- Social Engineering Assault: The attackers might have employed a combination of phishing strategies, exploits, malware, and clandestine entry methods to deceive employees into compromising their private keys.