Threat Intel Flash: Sisense Data Compromise: ARC Labs Intelligence Flash

Get the Latest


Over $150 Million Worth of Cryptocurrency Stolen from BitMart Exchange

The cryptocurrency trading platform BitMart reported that over $150 million (USD) of cryptocurrency assets in so-called “hot wallets” were stolen due to a “large scale security breach” resulting from a stolen private key. Hot wallets, as opposed to their cold counterparts, are cryptocurrency accounts that are connected to the internet, allowing for rapid transfer and deposit of tokens. Research company PeckShield estimated the total loss of assets at approximately $200 million (USD). BitMart reported that it has frozen withdrawal transactions while the investigation is ongoing, but plans to gradually resume transactions as of Tuesday, Dec 7.

Analyst Notes

This is the latest in a series of financially motivated online attacks directed at cryptocurrency organizations. For example, last week $120 million (USD) was stolen from BadgerDAO and $30 million (USD) was stolen from MonoX Finance. Over $600 million was stolen from PolyNetwork earlier this year, although the assets were eventually returned by the alleged hacktivist. $97 million (USD) was stolen from Liquid, with 10 other organizations this year disclosing large losses. This emphasizes a key point in security – the use of public key infrastructure (PKI) does not guarantee privacy or security – particularly when the private keys that take the place of passwords are not appropriately secured. Social engineering tactics, as well as inappropriate disclosure of private keys when such keys are not segregated from development and Internet facing operations, often result in criminals obtaining illicit access to internal networks and services which can then be further exploited.