BitMart’s CEO has confirmed what the company is calling a “security breach.”
The latest centralized exchange hack may be among the most devastating to date as BitMart has lost $196 million in various cryptocurrencies.
A tweet from security analysis firm PeckShield first called attention to the alleged hack Saturday night. One of BitMart’s addresses currently shows steady outflows of entire token balances, some worth tens of millions of dollars, to an address currently labeled by Etherscan as the “BitMart Hacker.”
I’m also a Bitmart customer. I checked my account and it seems all ok.
Updated: December 11, 2021. Bitmart emailed their customers.
Dear BitMart User,
On December 4, 2021, BitMart identified a security breach related to two of its hot wallets. Within moments of identifying the breach, BitMart took immediate actions to shut down multiple systems and limit immediate threats. Concurrently, we commenced a thorough investigation of all our systems and processes to identify and eliminate potential risks. This enabled us to strengthen our security posture to shut out any perpetrators.
In concert with leading firms within the industry, we enacted immediate security reviews and investigation, both of which are currently ongoing. Findings thus far indicate that the breach affected two hot wallets: one BSC wallet and one ETH wallet. Based on initial investigation, it appears that approximately $200 million in digital assets were removed by a malicious actor, who had gained access to critical private keys. Our internal security teams have continued their round-the-clock efforts to investigate the cause of the breach, and to identify those responsible.
We are also working with cybersecurity specialists to strengthen our defenses against any potential future attacks. We have been in contact with law enforcement agencies and are working in collaboration with other cryptocurrency platforms, as they share our goal of mitigating the risk of attack from nefarious activities. Though we may have been the most recent victim of a large-scale attack, we are not alone in facing these threats.
We are working with our ecosystem partners to put every available resource toward thwarting future unlawful actions against cryptocurrency holders, platforms, and our communities.
Safely Restoring Services
On December 7, deposit and withdrawal functions for ETH and some ERC-20 tokens were brought back on. On the night after, Wednesday, December 8, BitMart restored deposit and withdrawal functions for partial BEP-20 tokens. As of last night at 11:00 PM EST, deposit and withdrawal features for multiple mainnet tokens including Bitcoin, Kusama, Polkadot, Solana, NEAR Protocol, Polygon and more, were resumed.
Trading has also resumed for AVAX, VEIL, and multiple tokens. Functionality for additional tokens will gradually be restored and announced after each passes a thorough security review.
New Deposit Addresses for Security Enhancement
To further guarantee operation in a secured environment, we also replaced all token deposit addresses including BTC, ETH, SOL, and all other tokens. As such, we strongly encourage you to log into your account and verify the new deposit addresses before initiating any deposits.
Upcoming System Maintenance on December 13
BitMart will be conducting system maintenance to improve the security and quality of services from 1:00 AM to 3:00 AM on December 13, 2021 EST. During this period, all services, including WEB/APP/API, will temporarily be suspended.
We recommend users cancel all uncompleted and pending orders by midnight EST on December 12. Your assets will be safe with BitMart during maintenance.
With sincere appreciation to our community, our team is making unremitting efforts to bring all functions of our platform back online as quickly as possible, while ensuring the security of user assets.
Please continue to check our website and Twitter for updates on restoring services, and we will post subsequent news as soon as it becomes available.
Thank you for your continued support and understanding.