BitMart has announced that it would reimburse victims of the large-scale security breach that affected the crypto trading platform on Saturday. BitMart stated that hackers had accessed around $150 million worth of assets. However, Peckshield, the security firm that first broke the news of the hack, puts that figure closer to $200 million.
BitMart, on its part, has assured users that have been affected by the hack that it will reimburse them using its own money.
Affected Assets And Cause Of The Breach Identified
BitMart released an official statement on Monday, communicating to its users that it had completed all initial security checks and had conclusively identified the affected assets. The exchange also stated that it had identified the cause of the hack, which was a stolen private key.
This stolen key affected two of the exchange’s hot wallets, but it assured users that other assets were safe. BitMart also assured its users that the affected wallets only contained a small percentage of its assets.
Discovering The Hack
The security firm, Peckshield, first noticed the hack when one of BitMart’s addresses was showing a steady outflow of millions of dollars to one particular address. Etherscan referred to this address as the “BitMart Hacker.”
Peckshield’s initial estimates showed that the cryptocurrency exchange had lost around $100 million in different cryptocurrencies on Ethereum and a further $96 million on the Binance Smart Chain. The hackers made off with over 20 different tokens, including Shiba Inu, Safemoon, and Binance Coin.
Making The Funds Harder To Track
Once the hackers had custody of the assets, they followed the “transfer out, swap, and wash” strategy to cover their tracks. Once the funds were transferred out of BitMart, the hackers turned to 1inch, a decentralized exchange aggregator. Here, the stolen tokens were exchanged to Ether and then deposited into Tornado Cash, A privacy mixer that makes coins harder to trace.
According to Chief Information Officer at Digital Shadows, Rick Holland, hackers often utilize a mixing or tumbling service which allows them to mix ill-gotten funds with legitimate crypto.
Wave Of Recent Attacks
The attack on BitMart is the latest in a series of high-profile attacks. Crypto lender Celsius Network announced that it had lost funds, although it did not mention the exact amount lost. This was a direct result of the hack of the DeFi platform BadgerDAO. Back in August, Poly Network saw over $600 million stolen, but the hacker subsequently returned almost all of the money.