BitMart CEO claims stolen private keys led to the $196M hack

on Dec 6, 2021
  • According to Sheldon Xia, hackers got access to two out of four BitMart hot wallets.
  • The hackers stole $100 million from a wallet on Ethereum and $96 million from a BSC wallet.
  • BitMart intends to cover the incident and compensate affected users from its pocket.

Follow Invezz on Telegram, Twitter, and Google News for instant updates >

Sheldon Xia, the CEO of crypto exchange BitMart, has disclosed the exchange suffered an attack after hackers stole two private keys to the exchange’s hot wallets. Xia shared these details through a tweetstorm earlier today, noting that the hackers drained $196.00 million (£147.69 million) from the wallets.

Are you looking for signals & alerts from pro-traders? Sign-up to Invezz Signals™ for FREE. Takes 2 mins.

One of Xia’s tweets read,

In response to this incident, BitMart has completed initial security checks and identified affected assets. This security breach was mainly caused by a stolen private key that had two of our hot wallets compromised. Other assets with BitMart are safe and unharmed.

Xia further noted that BitMart would cover the incident and compensate affected users from its pocket. He added that the exchange is already in talks with multiple project teams to come up with the most reasonable solutions, including token swaps, to ensure user assets stay unharmed.

According to him, the exchange is currently trying to retrieve security setups to get its operations up and running again. He admitted that this would take time and that the exchange’s customers should try and bear with it.

The executive added that BitMart expects to resume withdrawals and deposits gradually on December 7. He went on to note that the exchange would announce detailed timelines soon.

Attacks continue plaguing the nascent asset class

Copy link to section

Xia’s disclosure came after crypto-security firm Peckshield first revealed this news on December 4. According to Peckshield, the hackers stole $100.00 (£75.30 million) worth of different cryptos from a wallet that ran on the Ethereum blockchain and $96 million (£72.29 million) from a wallet on the Binance Smart Chain (BSC).

In total, the attackers stole over 20 different digital assets from both wallets. The hackers then transferred the funds to 1Inch, a decentralized exchange aggregator, and swapped the various coins for Ethereum (ETH/USD). After this, they moved the funds to Tornado Cash, a privacy mixer, making the coins harder to trace.

This news comes after bad actors hacked BadgerDAO, a decentralized autonomous organization that lets users stake BTC as collateral across DeFi applications. The attack saw the DAO lose $120 million (£90.41). The hack allegedly saw Celsius Network lose over $50 million (£37.67 million) worth of wrapped Bitcoin (wBTC).

Before BitMart, malicious actors also leveraged a private key from the exchange’s administrator to steal $139 million (£104.73 million) from Boy X Highspeed (BXH), a decentralized cross-chain exchange. However, it remains unknown whether the attackers accessed the administrator’s computer or if it was an inside job.


Want easy-to-follow crypto, forex & stock trading signals? Make trading simple by copying our team of pro-traders. Consistent results. Sign-up today at Invezz Signals.

Learn more
Bitcoin BitMart Ethereum Crypto