Crypto exchange Bitmart reported losing almost $200 million in a hot wallet compromise hosted on the Ethereum (ETH) and Binance Smart Chain (BSC) blockchains.
Peckshield, a blockchain security, and data analytics agency, revealed the Bitmart hack by identifying a transfer of $100 million over the Ethereum blockchain.
An investigation by the team revealed a concurrent hack of $96 million from the crypto exchange’s BSC reserves:
Total estimated loss: ~200M (~100M on @ethereum and ~96M on @BinanceChain ). (Previously we only counted the loss on @ethereum). And here is the list of affected assets/amounts on @BinanceChain pic.twitter.com/cXXApDFtd7
— PeckShield Inc. (@peckshield) December 5, 2021
The hackers made off with a mix of over 20 tokens including Binance Coin (BNB), Safemoon, BSC-USD, and BPay. Sizable amounts of meme coins such as BabyDoge, Floki and Moonshot were also compromised in the hack.
According to Peckshield, the hack was a straightforward case of transfer-out, swap, and wash:
Pretty straightforward: transfer-out, swap, and wash @sheldonbitmart pic.twitter.com/LyA03sbgCZ
— PeckShield Inc. (@peckshield) December 5, 2021
Bitmart CEO Sheldon Xia later confirmed the hack over Twitter as a “large-scale security breach” on ETH and BSC hot wallets:
“At this moment we are still concluding the possible methods used. The hackers were able to withdraw assets of the value of approximately USD 150 million.”
3/3 At this moment we are temporarily suspending withdrawals until further notice. We beg for your kind understanding and patience in this situation. Thank you very much.
— Sheldon (@sheldonbitmart) December 5, 2021
In what seems like an ongoing threat to the crypto ecosystem, cryptocurrency lending platform Celsius confirmed a loss of $50 million in the exploit of decentralized finance (DeFi) protocol BadgerDAO.
The first reports on BadgerDAO’s security breach surfaced on Dec. 02, with the protocol officially announcing that it received multiple exports of unauthorized withdrawals of user funds on Wednesday.
Taking preventive measures similar to Bitmart, the Badger team continued investigating the issue and paused all smart contracts on the protocol to avoid any further losses.