BitMart loses $150 million in the second-largest crypto-heist of the year

Cryptocurrency exchange BitMart said on Saturday that it was hacked for $150 million in what was the third hack of a cryptocurrency exchange of last week and the second-largest crypto-heist of the year.

The hack took place on Saturday morning, according to a statement released by the company and tweets from its CEO.

"We have identified a large-scale security breach related to one of our ETH hot wallets and one of our BSC hot wallets," said BitMart founder and CEO Sheldon Xia on Twitter over the weekend.

Hot wallets are special wallets where exchange portals place a small portion of their funds to provide liquidity for their current stream of transactions.

On Monday, Xia said that the hackers appear to have gained access to the two private keys that the company was using to manage these wallets and approve operations.

How the hackers gained access to these keys remains unknown, but a compromise of an employee account is currently the main suspect.

On Twitter, Xia has also promised to cover the hack's losses via the company's funds, meaning users won't lose any of their personal assets following the incident.

Withdrawals are still frozen on the platform while the BitMart security team is finishing up its investigation, which Xia estimated would finish tomorrow, on December 7.

BitMart is currently ranked #113 on CoinMarketCap's cryptocurrency exchange ranking, based on volume.

Even if blockchain security firm PeckShield estimated that the total lost assets in the BitMart hack would actually be estimated at $192 million, the company's hack would rank as the second-largest crypto-heist of the year regardless.

Get more insights with the
Recorded Future
Intelligence Cloud.
Learn more.
No previous article
No new articles

Catalin Cimpanu

Catalin Cimpanu is a cybersecurity reporter for The Record. He previously worked at ZDNet and Bleeping Computer, where he became a well-known name in the industry for his constant scoops on new vulnerabilities, cyberattacks, and law enforcement actions against hackers.