Cryptocurrency exchange BitMart has coughed to a large-scale security breach relating to ETH and BSC hot wallets. The company reckons that hackers made off with approximately $150m in assets.
Security and analytics outfit PeckShield put the figure at closer to $200m.
“We have identified a large-scale security breach related to one of our ETH hot wallets and one of our BSC hot wallets today. At this moment we are still concluding the possible methods used. Hackers were able to withdraw assets of the value of approximately 150 million USD,” BitMart said.
“The affected ETH hot wallet and BSC hot wallet carry a small percentage of assets on BitMart and all of our other wallets are secure and unharmed. We are now conducting a thorough security review and we will post updates as we progress,” it added.
Worryingly for customers, BitMart has blocked withdrawals until it has completed a “thorough security review” or, in the common metaphor, shut the stable door after the horse has bolted.
A “hot wallet” is, according to Investopedia, a tool to allow a cryptocurrency owner to receive and send tokens. Wallets are used to keep these tokens secure, with a hot wallet connected to the internet while a cold wallet is not.
“Because hot wallets are connected to the internet, they tend to be somewhat more vulnerable to hacks and theft than cold storage methods,” BitMart’s site says. You think?
BitMart isn’t alone. Poly Network revealed in August that some of its systems had been compromised, with ne’er-do-wells draining hundreds of millions of dollars in digital assets from its platforms.
For his part, BitMart CEO Sheldon Xia attempted to soothe jittery customers, saying: “We are confident that deposit and withdrawal functions will gradually begin in December 7, 2021.”
The reaction on social media was sharply divided. On the one side are cryptocurrency fans lining up to offer support to the beleaguered company. On the other are critics drawn from a pool of those facing losses as well as the pile of folks who question why one would stash quite so many assets into a hot wallet.
The Register has asked BitMart for comment and will update should the company respond. ®