Crypto exchange Bitmart lost nearly $200 million in a hot wallet compromise hosted over the Ethereum (ETH) and Binance Smart Chain (BSC) blockchains.
The $200 million Bitmart hack was first revealed by Peckshield, a blockchain security and data analytics company, who initially identified a transfer of roughly $100 million over the Ethereum blockchain.
Further investigation from the team revealed a concurrent hack of $96 million over the crypto exchange’s BSC reserves:
Total estimated loss: ~200M (~100M on @ethereum and ~96M on @BinanceChain ). (Previously we only counted the loss on @ethereum). And here is the list of affected assets/amounts on @BinanceChain pic.twitter.com/cXXApDFtd7
— PeckShield Inc. (@peckshield) December 5, 2021
The hackers made away with a mix of over 20 tokens that includes altcoins such as BNB, Safemoon, BSC-USD and BPay. Sizable amounts of meme coins such as BabyDoge, Floki and Moonshot were also compromised in the hack.
According to Peckshield, the hack was a straightforward case of transfer-out, swap, and wash:
Bitmart CEO Sheldon Xia later confirmed the hack over Twitter as a “large-scale security breach” on ETH and BSC hot wallets:
“At this moment we are still concluding the possible methods used. The hackers were able to withdraw assets of the value of approximately USD 150 million.”
3/3 At this moment we are temporarily suspending withdrawals until further notice. We beg for your kind understanding and patience in this situation. Thank you very much.
— Sheldon Xia (@sheldonbitmart) December 5, 2021
In what seems like an ongoing threat to the crypto ecosystem, cryptocurrency lending platform Celsius confirmed a loss of $50 million in the exploit of decentralized finance (DeFi) protocol BadgerDAO.
The first reports on BadgerDAO’s security breach surfaced on Dec. 02, with the protocol officially announcing that it received multiple exports of unauthorized withdrawals of user funds on Wednesday.
Taking preventive measures similar to Bitmart, the Badger team continued investigating the issue and paused all smart contracts on the protocol to avoid any further losses.