BitMart Confirms Hackers Stole Almost $200M Worth Of Cryptocurrencies During Security Breach

BitMart, a popular cryptocurrency trading platform, has disclosed in a recent statement that it lost millions of dollars due to a "large-scale security breach" executed by hackers.

Blockchain security and data analytics firm PeckShield reported over the weekend that BitMart lost almost $200 million in cryptocurrencies. The trading platform later confirmed the breach and released a statement to advise crypto traders about withdrawals being suspended. It also assured users of the platform that a thorough security review was ongoing.

"We have identified a large-scale security breach related to one of our ETH hot wallets and one of our BSC hot wallets. At this moment we are still concluding the possible methods used. The hackers were able to withdraw assets of the value of approximately USD 150 million," Sheldon Xia, founder and CEO of BitMart, confirmed.

"The affected ETH hot wallet and BSC hot wallet carries a small percentage of assets on BitMart and all of our other wallets are secure and unharmed. We are now conducting a thorough security review and we will post updates as we progress," Xia added.

"At this moment we are temporarily suspending withdrawals until further notice. We beg for your kind understanding and patience in this situation. Thank you very much," Xia said in a follow-up tweet.

It was PeckShield that uncovered the breach. Apparently, the firm noticed that one of BitMart's addresses revealed steady streams of whole token balances to an address labeled by Etherscan as "Bitmart Hacker." Some of these outflows were reportedly worth millions of dollars.

The security breach allowed hackers to steal 893,755,205,648 SHIB worth $32.7 million during the transfer. It was followed by $28.5 million in Saitama Inu and $6.8 million in Dogelon.

Based on PeckShield's estimate, the incident led to a loss of $100 million in various cryptocurrencies on the Etherious blockchain and $96 million on the Binance Smart Chain.

According to its firm's report, the malicious actors used decentralized exchange (DEX) aggregator linch to convert stolen assets to ether. The hackers then used a secondary address to deposit the cryptocurrency into a privacy mixer called Tornado Cash to make it difficult for authorities to track the stolen funds.

Besides Shiba Inu, Saitama Inu and Dogelon Mars, assets of other tokens like Binance Coin BNB, Saitama, BabyDoge, Crypto.com, Decentraland and Akita Inu were also compromised during the breach.