Hackers have taken $196 million from crypto trading platform Bitmart, a security firm said Saturday. As a result, Bitmart temporarily suspended all withdrawals until further notice and said a thorough security review was underway. The hack follows the recent steal of $120 million in crypto from DeFi platform BadgerDAO.
According to NBC News, Bitmart confirmed the hack in an official statement Saturday night, calling it “a large-scale security breach” and writing that hackers withdrew about $150 million in assets. However, blockchain security and data analytics firm Peckshield estimates that the loss is closer to $200 million.
Bitmart added in a statement that all withdrawals had been temporarily suspended until further notice and said a thorough security review was underway.
Peckshield was the first to notice the breach on Saturday, noting that one of Bitmart’s addresses showed a steady outflow of tens of millions of dollars to an address which Etherscan referred to as the “Bitmart Hacker.”
Peckshield estimated that Bitmart lost around $100 million in various cryptocurrencies on the Ethereum blockchain and another $96 million from coins on the Binance smart chain. The hackers made off with a mix of more than 20 tokens, including Binance coin, Safemoon, and Shiba Inu.
Bitmart says that the affected Ethereum and Binance smart chain “hot wallets” carried only a “small percentage” of the exchange’s assets. The statement went on to say that all other wallets were “secure and unharmed.”
Bitmart, which offers a mix of spot transactions, leveraged futures trading, as well as lending and staking services, typically ranks as one of the top centralized crypto exchanges by volume, according to CoinGecko data.
Bitmart says it is still unclear what possible methods the hackers used, but what happened after the breach was pretty straightforward, according to Peckshield. It was a classic case of “transfer-out, swap, and wash,” according to the security firm.
This latest breach comes amid a wave of recent hacks. Last week, crypto lender Celsius Network admitted to losing funds, as a result of the $120 million hack of the decentralized finance platform BadgerDAO. Several crypto wallets were drained before the platform could stop the cyber attack.
In a tweet, Badger said it has received reports of unauthorized withdrawals of user funds.
“As Badger engineers investigate this, all smart contracts have been paused to prevent further withdrawals. Our investigation is ongoing and we will release further information as soon as possible,” the company said late on Thursday.
According to the blockchain security and data analytics Peckshield, the various tokens stolen in the attack are worth about $120 million, reports The Verge. Reports said someone inserted a malicious script in the user interface of their website.
Badger has retained data forensics experts Chainalysis to explore the full scale of the incident and authorities in both the US and Canada have been informed.