Ethereum

Crypto bitmart 150m smart theblock – madis-fsl.org

Cryptocurrency exchange Bitmart has vowed to dig into its own pocket to pay affected users in a cyberattack that took around $150 million in cryptocurrency from it, according to a tweet posted by Bitmart CEO Sheldon Xia. , on Monday.

2/4 bitmart will use its own funding to cover the incident and compensate affected users. we are also talking to various project teams to confirm the most reasonable solutions, such as token swaps. user assets will not be damaged.

Reading: Crypto 150m ethereum smart theblock

— sheldon xia (@sheldonbitmart) December 6, 2021

“bitmart will use our own funds to cover the incident and compensate affected users. we are also talking to various project teams to confirm the most reasonable solutions, such as token swaps. user assets will not be damaged.” —@sheldonbitmart

on saturday, bitmart announced that attackers had stolen a private key and compromised two of the exchange’s hot wallets on the ethereum (eth) blockchain and binance smart chain (bsc), making off with approximately $150 million in assets in a “large-scale security breach.”

However, blockchain security and data analytics firm peckshield, the first to notice the breach on Saturday, estimated the loss to be closer to $200 million. on the day of the leak, peckshield tweeted a list of affected assets/amounts on @binancechain, noting that the losses were worth around $100m from the ethereum wallet and around 96m on the binance chain wallet.

estimated total loss: ~200 million (~100 million on @ethereum and ~96 million on @binancechain). (previously we only counted loss in @ethereum). and here is the list of affected assets/amounts on @binancechainpic.twitter.com/cxxapdftd7

See also: Best Places to Buy Ethereum for 2022 | The Ascent

— peckshield inc. (@peckshield) December 5, 2021

the assailants made off with a combination of more than 20 tokens, including binance coin, safemoon, and shiba inu.

bitmart hasn’t figured out exactly how the attackers managed to break through, but what happened next was pretty straightforward, according to peckshield: it was a classic case of “transfer, trade and wash”.

We want to know what your biggest cloud security concerns and challenges are and how your business is dealing with them. Participate with our exclusive and anonymous threat posting survey!

peckshield shared an illustration of the attack chain, shown below.

the transfer, exchange and money laundering scam. source: peckshield.

The infographic shows the transfer of funds out of bitmart, after which the crooks apparently used the decentralized exchange aggregator known as 1inch to exchange the stolen tokens for ether. They then deposited the ether coins into a privacy mixer known as tornado cash: a “washer” that makes funds difficult to trace by breaking the chain link between source and destination addresses.

It is not known if certain users were targeted.

hot or cold wallets

See also: QuickSwap lets users avoid Ethereum transaction fees with Polygon

In cryptocurrency parlance, a hot wallet refers to a wallet, a collection of private keys, that is connected to the internet. that internet connection makes them vulnerable to threat actors who can steal funds, but it also makes them faster than slower, more secure, and offline cold wallets.

bitmart noted that the affected wallets only had “a small percentage” of their assets and that the rest of their wallets came out unscathed.

The exchange has temporarily suspended withdrawals until further notice. xia said on twitter that bitmart is “doing everything possible to recover security settings” and resume operations. “We need time to make proper arrangements and your kind understanding during this period will be highly appreciated,” he said.

bitmart is now conducting “a comprehensive security review” and has promised to release updates as its investigation progresses. Additionally, Xia will be holding an “Ask Me Anything” session at 8 p.m. et Monday night to share more information about the violation, the compensation agreement, and the company’s plan to resume operations.

xia said that bitmart is confident that deposits and withdrawals will gradually resume tomorrow, Dec. 7, and that detailed schedules will be announced “very soon”.

The bitmart heist is just the latest in a series of attacks that have targeted cryptocurrency platforms, including poly network, cream finance, liquid and bzx. Last week, an attacker stole $120 million in cryptocurrency by compromising the Badgerdao decentralized finance (DEFI) website and emptying dozens of wallets before he could freeze their vaults.

“no surprise attackers are targeting crypto exchanges, in many ways new banks, making this a modern version of a bank heist with arguably less risk and effort,” steve forbes, government cybersecurity expert at nominet said via email. “With a lot of media focus around the use of cryptocurrency for nefarious purposes, I hope that these criminals also hope to attract less attention from law enforcement.”

There is a sea of ​​unstructured data on the internet related to the latest security threats.Sign up todayto learn key concepts of Natural Language Processing ( nlp) and how to use it to navigate the ocean of data and add context to cybersecurity threats (without being an expert!). Thisthreatpost live interactive town hall, sponsored by rapid 7, will feature security researchers erick galinkin of rapid7 and izzy lazerson of intsights (a rapid7 company ), plus threatpost reporter and webinar host becky bracken.register nowfor the live event!

share this article:

See also: How a 25-Year-Old Receives 1,118 a Month Mining Ethereum at Home

Related Articles

Leave a Reply

Your email address will not be published.

Back to top button