It’s easy for the crypto industry to get complacent over issues like security. Over the past few years, the volume of exchanges being hacked has dropped significantly as many of these platforms are now seeing the dividends of investing in proper security.
However, this isn’t to say that hackers still aren’t lurking. This month, the entire crypto market got a stark reminder there’s no such thing as a day off when it comes to security.
BitMart Gets Hacked
In early December, BitMart - a cryptocurrency exchange - was confirmed to have suffered a security breach that cost up to $200 million in customer funds. The hack had first been identified by Peckshield - a blockchain security and data analytics firm - after it noticed the movement of $100 million in funds across the Ethereum blockchain. Fund transfers like these rarely just happen by coincidence, and Peckshield’s analysts were interested to know what happened.
Through further investigations, Peckshield found that the hackers had also stolen $96 million from BiitMart’s Binance Smart Chain servers. The hackers had made off with a mix of different tokens - including Bitcoin, Safemoon, BabyDoge, Floki Inu, and many more.
Sheldon Xia, BitMart’s chief executive, confirmed the hack in a separate tweet. Xia explained that BitMart will proceed to suspend withdrawals for the time being while they investigate the origins and possible remediation steps for the “large-scale” security breach.
AscendEX Loses Millions
The BitMart situation is nothing but an additional wake-up call for the crypto space. Everyone needs to focus on improving their security infrastructure as hackers will continue looking for flaws to exploit. The biggest exchanges probably understand this more since they are always under the microscope. Anyone looking to make a big score will probably search Binance or Coinbase to hack, but several upstart crypto companies are also being hit significantly.
In the wake of the BitMart attack, another exchange - AscendEX - has also faced a security challenge. Just days after BitMaart, AscendEX suffered a $78 million loss after its hot wallets were compromised, and hackers were able to make off with funds from its Ethereum, Binance Smart Chian, and Polygon blockchains.
Peckshield also caught the AsscendEX breach, confirming that about $60 million had been stolen from the trading platform’s Ethereum-hosted hot wallets. The funds stolen from its Smart Chain and Polygon wallets amounted to $9.2 million and $8.5 million, respectively, with the hackers stealing several coins - including USDT, Shiba Inu, and USDC.
The two hacks definitely have a lot in common - primarily, the fact that the hackers had stolen money from their hot wallets. Exchanges and trading platforms are usually faced with the stress of storing funds in cold wallets - which are uncrackable. But, the problem with moving funds from cold wallets remains, and many platforms just prefer to stick with their hot wallets so that their customers can enjoy seamless withdrawals.
But, with their back-prone nature, hot wallets aren’t exactly the right platforms to be used. Some platforms have failed to understand this, and they have paid the price.
Holding Strong in Tough Times
So far, both platforms have been working on getting their systems on track and possibly finding the stolen funds. BitMart has gotten some help, with Huobi Global explaining in a tweet that it would increase transaction tracking to look for related funds in its hack and report as soon as it sees anything unusual.
The Shiba Inu community has also committed to lending a hand. The popular meme coin developers have said they would also watch to check for suspicious transfers on ShibaSwap - their decentralized exchange platform.
Speaking with news sources, BitMart’s officials also confirmed that they would help support victims of the hack to the best of their ability.
“We plan to continue to gradually restore services but only following our security team’s thorough testing process. Security remains our No. 1 priority. In fact, as of Tuesday, Dec. 7, 2021, EST we have resumed ETH and ERC20 token deposits and withdrawals,” a company spokesperson said.
It is unclear whether the company has enough cash at hand to pay out $200 million in losses, but it is highly unlikely. Victims would most likely get cents on the dollar as compensation, although that is definitely better than not getting anything.
All of this goes to show one thing - crypto hacks aren’t as common as they used to be since the industry has matured. But, it will be shortsighted for exchanges, trading platforms, and others in the industry to get complacent right now. In the fight for legitimacy, cryptocurrencies need to be reliable on all fronts - especially with investor security.