Hackers have stolen nearly $200 million worth of cryptocurrency after breaching the popular crypto trading platform BitMart.
The Cayman Islands-based exchange confirmed that a “large-scale security breach” took place over the weekend, resulting in the loss of customer funds. CEO Sheldon Xia said the company would compensate all affected users.
The estimated losses amount to $100m in cryptocurrencies on the Ethereum blockchain and a further $96m of cryptocurrencies on the Binance Smart Chain. No bitcoin appears to have been lost.
BitMart initially claimed that “there was no hack” and that the outflows were normal withdrawals, stating on its official Telegram channel that reports of a hack were “fake news”.
Mr Xia subsequently confirmed that a breach had been identified, resulting from a stolen private key that gave access to two of the exchange’s digital wallets.
“BitMart will use our own funding to cover the incident and compensate affected users,” he said. “No user assets will be harmed.”
Deposit and withdrawal functions on the exchange have been temporarily suspended; however, they are expected to resume on Tuesday.
“It’s no surprise that attackers are targeting cryptocurrency exchanges, in many ways they are the new banks, which makes this a modern version of a bank heist with arguably less risk and less effort,” Steve Forbes, a cyber security expert at web registry Nominet, told The Independent.
“As the threat of a ransomware attack continues to grow for all industries, cryptocurrency exchanges will be no exception.”
Jake Moore, a cyber security specialist at ESET, noted that the use of a decentralised exchange (DEX) aggregator to swap the stolen assets for the cryptocurrency Ethereum (ETH), while simultaneously using a privacy mixer to deposit the ETH, meant the funds would be extremely difficult to track.
“The technology holding up cryptocurrencies makes it far too easy to steal large sums of money, with often little or no trace as to where the money has gone or who has stolen it,” Mr Moore said.
“Sending funds to an Ethereum mixing service is increasingly common for those wanting to evade being followed by the authorities, so better initial prevention for those with digital funds is vital to help mitigate this growing trend.”
Additional layers of security, such as two-factor authentication, are recommended for users of cryptocurrency exchanges and custodial services, as well as extra caution when dealing with suspicious emails that may be phishing attempts to garner login credentials.