As regulatory uncertainty continues to plague the global digital asset ecosystem, many opponents of crypto continue to insist that the industry as a whole has a long way to go when it comes to protecting itself before it is anywhere near comparable to the traditional financial system. Now, with the recent Bitmart hack coming to light, these individuals have been given even more firepower.
In short, on December 5, cryptocurrency exchange Bitmart was on the receiving end of a major hack that caused the platform to lose nearly $200 million through the compromise of a hot wallet hosted on the Ethereum and Binance Smart Chain blockchains. The breach was first exposed by blockchain security firm PeckShield, whose cybersecurity team revealed that nefarious third parties were able to initially transfer approximately $100 million through the Ethereum blockchain, followed by another simultaneous $96 million hack using the BSC reserves of the cryptocurrency exchange.
Hackers were able to accumulate more than 20 tokens, including various altcoins such as Binance Coin (BNB), SafeMoon (SAFEMOON), BSC-USD, and BNBBPay (BPay). They were also able to steal decent amounts of meme tokens, including Baby Doge Coin (BabyDoge), Floki Inu (FLOKI), and Moonshot (MOONSHOT). According to the PeckShield security team, the whole scheme can be attributed to a simple “transfer, change and wash” maneuver.
To better understand how the entire incident came about, Cointelegraph reached out to Bitmart. A spokesperson for the trading platform noted that as soon as the breach was discovered, the company took action by shutting down multiple systems to “limit any kind of immediate damage”; actions included stopping token withdrawals and preventing users from trading certain pairs. The representative added:
“We plan to continue to gradually restore services, but only by following the extensive testing process of our security team. Safety remains our number one priority. In fact, as of Tuesday, December 7, 2021, EST, we have resumed deposits and withdrawals of ETH and ERC20 tokens.”
Furthermore, a written response from the exchange also highlighted that to bolster its native security infrastructure, Bitmart had replaced all of its token deposit addresses for currencies such as Bitcoin (BTC), Ether (ETH), and Solana (SOL), as well as all the other tokens involved in the incident. “We have also notified our users of the relevant changes,” the statement concluded.
Finally, on December 6, Sheldon Xia, founder and CEO of BitMart, announced via Twitter that the exchange was going to use its own funding to compensate for the losses derived from the incident: “We are also talking with various project teams to confirm the most reasonable solutions, such as token exchanges. Users’ assets will not be damaged.”
The crypto community shows solidarity
Following the nearly $200 million hack, members of the global Shiba Inu (SHIB) community and crypto exchange Huobi Global teamed up to offer Bitmart any kind of assistance the exchange needed, not just to strengthen its security setup but also to keep an accurate tab on its misplaced asset entries.
Speaking to Cointelegraph, Huobi’s director of global strategy Jeff Mei noted that in cases like the one seen in relation to Bitmart, it is imperative that transparency and immediate action are the top priority, adding:
“Exchanges must alert their users, other exchanges and law enforcement authorities as soon as possible and be transparent about what they are doing to handle the attack and loss of user funds.”
Furthermore, Mei emphasized that users should avoid bundling all their assets on a single platform or in a single wallet, and in cases where they feel that something suspicious might be going on, users should not hesitate to contact the relevant exchange and tell them about the possible security incident.
Like Huobi, the Shiba Inu community also confirmed their intentions to help Bitmart, adding that they had already stepped up their efforts to review potential security threats to ShibaSwap, a decentralized community-built exchange (DEX).
More education is needed
Raimundo Castilla, CEO of digital asset custody platform Prosegur Crypto, told Cointelegraph that what happened to Bitmart with its recent security breach could easily have been prevented if the platform’s users had received sufficient education to keep their digital assets outside the exchange and not on the exchange itself:
“Hot wallets should be reserved only for the funds you want to trade with. This amount of money should have been kept in cold storage with a 100% offline transaction and air gap system.”
However, Castilla added that for platforms like Bitmart to avoid future incidents, they must employ a combination of innovative technologies alongside rigid governance protocols. For starters, its private keys should not have been kept online, as anything stored online is susceptible to attack, regardless of how well it is protected. “They should have worked with whitelists, so even if someone has access to any private key, they could only send funds to a previously confirmed wallet address,” he clarified.
Additionally, Bitmart could have employed an advanced multi-party computation (MPC) co-signing system that used a multi-signature approval module. This would have meant that the hackers needed multiple people to approve the transactions in question.
Castilla added that: “Hacking just a private key can’t do anything at all.” Also, someone playing the role of key account manager could have stepped in and “stopped the transaction to get to the customer and see if it was legitimate.”
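The controls Castilla describes (a destination whitelist, multi-person approval and an account-manager hold) can be sketched as a withdrawal policy gate. This is an added example, not code from Bitmart, Prosegur Crypto or the article; the addresses, approver names, quorum and review threshold are constructed assumptions.

```python
from dataclasses import dataclass, field

# Constructed policy values for illustration; none come from the article.
COLD_WALLET = "0x" + "aB" * 20       # hypothetical confirmed cold-storage address
CUSTODY_PARTNER = "0x" + "cD" * 20   # hypothetical confirmed custody address
ALLOWLIST = {a.lower() for a in (COLD_WALLET, CUSTODY_PARTNER)}
APPROVERS = {"alice", "bob", "carol"}  # hypothetical co-signers
QUORUM = 2                             # approvals required (2-of-3)
REVIEW_THRESHOLD_USD = 100_000         # above this, a human must confirm


@dataclass
class Withdrawal:
    destination: str
    amount_usd: int
    approvals: set = field(default_factory=set)


def evaluate(w: Withdrawal) -> tuple[str, str]:
    """Return (decision, reason); decision is 'deny', 'hold' or 'allow'.

    Models the approval policy only, not the MPC signing cryptography.
    """
    # Ethereum-style hex addresses differ only in checksum casing; normalize
    # so a differently cased copy of an allowlisted address still matches.
    if w.destination.strip().lower() not in ALLOWLIST:
        return "deny", "destination is not a previously confirmed address"
    # Count only recognized approvers, so unknown names add nothing.
    valid = w.approvals & APPROVERS
    if len(valid) < QUORUM:
        return "deny", f"{len(valid)} of {QUORUM} required approvals"
    if w.amount_usd > REVIEW_THRESHOLD_USD:
        return "hold", "account manager must confirm with the customer"
    return "allow", "within policy"


if __name__ == "__main__":
    unknown = "0x" + "99" * 20  # constructed address that is not on the allowlist
    for w in (
        Withdrawal(unknown, 5_000, {"alice", "bob"}),
        Withdrawal(COLD_WALLET, 5_000, {"alice", "mallory"}),
        Withdrawal(CUSTODY_PARTNER, 250_000, {"bob", "carol"}),
        Withdrawal(COLD_WALLET, 5_000, {"alice", "carol"}),
    ):
        print(w.destination[:10], w.amount_usd, evaluate(w))
```

With this gate in front of the signer, a stolen key alone fails the whitelist or quorum check, and an unusually large transfer to a confirmed address is parked for human confirmation.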
Better security measures are the need of the moment
With the crypto ecosystem seemingly under a continuous spate of nefarious hacking incidents, it is worth noting that digital asset lending platform Celsius also recently confirmed that it had faced a loss of $50 million through an exploit related to the decentralized finance (DeFi) protocol BadgerDAO.
Attack reports first emerged on December 9 with the core protocol development team announcing that they received “multiple unauthorized recall exports” related to their clients. Afterward, they stopped all of their existing smart contracts to mitigate further potential losses.
That said, it hasn’t all been bad news recently, as cross-chain protocol Synapse Bridge revealed that on November 9, its security team was able to prevent a multi-million dollar exploit in the Avalanche Neutral Dollar (nUSD) metapool, preventing the attackers from making off with nearly $8 million in digital currencies.