Cryptocurrency trading platform BitMart has disclosed a “large-scale security breach” that it blamed on a stolen private key, resulting in the theft of more than $150 million in various cryptocurrencies.
The breach is said to have impacted two of its hot wallets on the Ethereum (ETH) blockchain and the Binance smart chain (BSC). The company noted that the wallets carried only a “small percentage” of the assets.” Hot wallets, as opposed to their cold counterparts, are connected to the internet and allow cryptocurrency owners to receive and send tokens.
Blockchain security and data analytics company PeckShield estimated the total loss to be around $200 million, calling the whole chain of events “Pretty straightforward: transfer-out, swap, and wash.”
“This security breach was mainly caused by a stolen private key that had two of our hot wallets compromised,” BitMart’s chief executive Sheldon Xia said in a series of tweets sent out earlier today. In light of the incident, BitMart said it’s temporarily suspending withdrawals until further notice and added a thorough security review was underway, with plans to resume the operations on December 7.
The development is the latest in a wave of hacks that have targeted cryptocurrency platforms such as PolyNetwork, Cream Finance, Liquid, and bZx, among others.
Last week, malicious actors orchestrated a heist amounting to $120 million worth of Bitcoin and Ether assets from BadgerDAO, a decentralized finance (DeFi) lending service. In a separate development, blockchain startup MonoX Finance disclosed that a hacker drained roughly $31 million by exploiting a “smart contract” error in the software the service uses to carry out token swaps and enable customers to trade tokens with other networks participants.
And in August, an unnamed attacker stole more than $600 million worth of tokens from the cryptocurrency platform PolyNetwork, only to return nearly all of the money two weeks later.
Illustration by: M. Hopman on Unsplash