Crypto trading platform Bitmart confirmed a large-scale security breach that resulted in hackers successfully taking away around $150 million in crypto. The company said that it will reimburse customers affected by the cyberattack using its own money.
The crypto exchange explained that the security breach happened on December 4, 2021. With the use of a stolen private key, hackers were able to access the company’s two hot wallets.
“We have identified a large-scale security breach related to one of our ETH hot wallets and one of our BSC hot wallets on December 4th, 2021,” the company said. “At this moment we are still concluding the possible methods used. Hackers were able to withdraw assets of the value of approximately 150 million USD.”
While the crypto platform said that around $150 million in crypto assets were stolen during the hack, a blockchain security and data analytics firm came up with a different estimate, CNBC reported. Peckshield, which first published the hack, estimated the value of the stolen assets closer to $200 million. The publication contacted the exchange to clarify the discrepancy but the company declined to comment.
The exchange assured that the affected hot wallets contained only a small percentage of its assets. Crypto can be stored in a “hot,” “cold,” or a combination of both. As they are connected to the internet, “hot wallets” offer easy access to the stored digital currency but there’s also the potential risk of being targeted by hackers.
Peckshield estimated that hackers were able to steal around $100 million in crypto from its hot wallet on the Ethereum blockchain and $96 million from its Binance smartchain hot wallet. There are more than 20 different tokens which include shiba inu, safemoon, and binance coin.
“In response to this incident, BitMart has completed initial security checks and identified affected assets,” the company said on Monday. “This security breach was mainly caused by a stolen private key that had two of our hot wallets compromised. Other assets with BitMart are safe and unharmed.” The company promised to compensate users affected by the hack using its own funds.