BitMart CEO claims stolen private keys led to the $196M hack

Sheldon Xia, the CEO of crypto exchange BitMart, has disclosed the exchange suffered an attack after hackers stole two private keys to the exchange’s hot wallets. Xia shared these details through a tweetstorm earlier today, noting that the hackers drained $196.00 million (£147.69 million) from the wallets.

One of Xia’s tweets read,

Xia further noted that BitMart would cover the incident and compensate affected users from its pocket. He added that the exchange is already in talks with multiple project teams to come up with the most reasonable solutions, including token swaps, to ensure user assets stay unharmed.

According to him, the exchange is currently trying to retrieve security setups to get its operations up and running again. He admitted that this would take time and that the exchange’s customers should try and bear with it.

The executive added that BitMart expects to resume withdrawals and deposits gradually on December 7. He went on to note that the exchange would announce detailed timelines soon.

Attacks continue plaguing the nascent asset class

Xia’s disclosure came after crypto-security firm Peckshield first revealed this news on December 4. According to Peckshield, the hackers stole $100.00 (£75.30 million) worth of different cryptos from a wallet that ran on the Ethereum blockchain and $96 million (£72.29 million) from a wallet on the Binance Smart Chain (BSC).

In total, the attackers stole over 20 different digital assets from both wallets. The hackers then transferred the funds to 1Inch, a decentralized exchange aggregator, and swapped the various coins for Ethereum (ETH/USD). After this, they moved the funds to Tornado Cash, a privacy mixer, making the coins harder to trace.

This news comes after bad actors hacked BadgerDAO, a decentralized autonomous organization that lets users stake BTC as collateral across DeFi applications. The attack saw the DAO lose $120 million (£90.41). The hack allegedly saw Celsius Network lose over $50 million (£37.67 million) worth of wrapped Bitcoin (wBTC).

Before BitMart, malicious actors also leveraged a private key from the exchange’s administrator to steal $139 million (£104.73 million) from Boy X Highspeed (BXH), a decentralized cross-chain exchange. However, it remains unknown whether the attackers accessed the administrator’s computer or if it was an inside job.