Sheldon Xia, the CEO of BitMart, said that the crypto exchange will refund the users who fell victim to a large-scale hack on Saturday night out of its own pocket.
Xia took to Twitter on Monday morning to confirm that the incident was caused by a stolen private key to two of BitMart’s hot wallets.
“BitMart will use our own funding to cover the incident and compensate affected users,” wrote Xia. “We are also talking to multiple project teams to confirm the most reasonable solutions such as token swaps. No user assets will be harmed.”
Per the official announcement, BitMart suffered “a large-scale security breach,” which resulted in the exchange’s Ethereum (ETH) and Binance Smart Chain (BSC) hot wallets being compromised.
Unlike the so-called cold wallets, which are usually hardware devices like USB drives designed to store cryptocurrencies offline, hot wallets are connected to the internet which allows for faster and easier transactions. The convenience of using hot wallets comes with a trade-off, though, as they are more vulnerable to online attacks.
BitMart’s announcement reported that hackers managed to make off with about $150 million in stolen funds.
However, according to blockchain security firm Peckshield, the total estimated loss is closer to $200 million, with approximately $100 million in assets issued on the Ethereum blockchain and about $96 million in BSC-based assets stolen.
Breaking down the BitMart hack
Peckshield noticed the breach on Saturday night, pointing to an outflow of tens of millions of dollars from one of BitMart’s addresses.
The analysts later said the attack was “pretty straightforward”—the hacker swapped the stolen tokens through decentralized exchange (DEX) aggregator 1inch and used Tornado Cash, a mixing service for the Ethereum blockchain, to obfuscate their identities.
“The affected ETH hot wallet and BSC hot wallet carry a small percentage of assets on BitMart and all of our other wallets are secure and unharmed,” BitMart said in a statement.
Currently, the Cayman Islands-based exchange is conducting “a thorough security review” and has temporarily suspended all deposits and withdrawals.
Xia said the team is “confident” that these functions will be gradually restored on December 7.
The BitMart incident came less than 72 hours after BadgerDAO, a decentralized autonomous organization (DAO) that brings Bitcoin to the world of decentralized finance (DeFi), fell victim to a $120 million hacking attack.
Daily Debrief Newsletter
Start every day with the top news stories right now, plus original features, a podcast, videos and more.