BitMart exchange suffers $196 million hack due to stolen private key

Hackers managed to steal millions of cryptocurrency tokens from an exchange

Hackers used the private key and managed to take crypto from the trading platform wallets

Cryptocurrency trading platform disclosed the large-scale security breach resulting in lost funds.^[1] CEO stated that all people affected should receive these funds back.^[2] The cyber attack was successful because hackers managed to steal a private key and steal millions in various cryptocurrencies. This security incident affected two hot wallets on the Ethereum blockchain and the Binance smart chain.

This security breach was mainly caused by a stolen private key that had two of our hot wallets compromised.

The company noted that wallets carried a small percentage of the assets, and the analytics show that the total loss goes up to $200 million.^[3] The attack was a pretty straightforward transfer swap and possibly was quick. The exchange was forced to temporarily stop withdrawals and review security issues and resume operations in a few days. It is planned that all suspensions will end on December 7th.

Private key opened hot wallets: hundreds of millions stolen

Hackers used the stolen keys and drained $100 million worth of crypto from Ethereum blockchain and $96 million on Binance Smart Chain. All affected should be compensated, and the timetable should reach public in a few days once the company is done with analysis and plans. Attackers used decentralized exchange aggregator 1inch to swap funds to privacy mixer Tornado Cash, and this method allowed malicious actors to change their identities.

It is know known who was responsible and how this happened. These stolen funds were transferred to the mixing service, making them difficult to trace. Cryptocurrency stealers mainly use this form of digital currency because it is difficult to trace back to the person responsible.^[4] This is not the biggest hack and money loss, but one of the larger centralized exchange hacks to this day.

Major incidents involving other exchange platforms

The same issue with the leaked admin key and lost funds took place a few months back.^[5] Boy X High speed is the decentralized cross-chain exchange that lost $139 million of funds due to hackers. The key needed for the attacker possibly got leaked by someone on the inside, or the criminal broke into the keyholders' computer to obtain the needed key. Unfortunately, the inside job there was backed with some findings indicating the location of the attacker – China. This country is where most of the technicians are based.

It is sad and unfortunate for victims and these companies, but hackers are not likely gonna be found and held accountable for the drain of the wallets. If the responsible people can't be found and return the money, companies need to take full responsibility for the security incident and refunds.

There are much more security incident reports that involve cryptocurrency exchange hacks and losses. DeFi projects have been suffering in the last couple of months. Cream Finance suffered a loss of $130 million. The largest known hack hit cross-chain protocol Poly network lost $600 million. These funds eventually got returned. Hackers also released the note and referred to this incident as a wild adventure. The responsible criminals released the private key for the remaining $141 million of the stolen funds.