Hackers have hit yet another cryptocurrency exchange, stealing between $150 million and $200 million in cryptocurrency.
BitMart, which bills itself as “the most trusted crypto trading platform,” announced on Monday that it had suffered a “large-scale” security breach. The company said hackers stole assets worth around $150 million in Ethereum and other cryptocurrencies.
“We are now conducting a thorough security review and we will post updates as we progress. At this moment, we are temporarily suspending withdrawals until further notice. We beg for your kind understanding and patience in this situation,” the company wrote in the announcement.
Do you research vulnerabilities on cryptocurrencies and their networks? We’d love to hear from you. You can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, Wickr/Telegram/Wire @lorenzofb, or email firstname.lastname@example.org
In the last week alone, hackers have stolen almost $300 million in cryptocurrency in two separate hacks: the recent attack suffered by BitMart, and last week’s web-based scam targeting blockchain "bridge" protocol BadgerDAO. This has been a really, really, bad year for cryptocurrency platforms and security, with much activity occurring in the fast-moving world of decentralized finance, or DeFi. According to one tally, 16 different crypto projects and companies have been hacked, including the crypto lending service C.R.E.A.M., which got exploited via a complex "flash loan" and lost $130 million, and the popular platform Poly Network, which lost and then recovered $600 million in a bizarre public exchange with the hacker, which the company called “Mr. White Hat.”
BitMart did not immediately respond to a request for comment.
It’s unclear exactly how much money the hackers took in the BitMart hack. BitMart said it was around $150 million, but crypto security company PeckShield said it was around $196 million.
BitMart CEO Sheldon Xia said in a Twitter thread that the breach was “mainly caused by a stolen private key that had two of our hot wallets compromised.” He did not say how the hackers stole the private key. He also said the company will use its own funds to compensate the affected users.