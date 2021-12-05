Bitmart has lost $196 million in multiple cryptocurrencies, making this the most damaging centralized exchange breach to date.

The purported attack was initially brought to light Saturday night by security analysis firm Peckshield in a tweet. One of Bitmart’s addresses is currently showing continuous outflows of whole token balances, some worth tens of millions of dollars, to an address branded as the “Bitmart Hacker” by Etherscan.

Peckshield assessed the damages at $100 million in various cryptocurrencies on the Ethereum blockchain and $96 million on the Binance Smart Chain in a follow-up tweet.

Peckshield Inc estimates the losses to be in the neighborhood of $196 million, with roughly $100 million lost from the ETH wallet and $96 million lost from the Binance Smart Chain. SAFEMOON, X2P, FLNS, BabyDoge, HERO, STARSHIP, FLOKI, JULb, CMCX, GMR, SPE, BETU, GMEX, ZOE, MOONSHOT, BPAY, STACK, EnergyX, BSC-USD, and BNB are among the BSC assets that have been impacted. The hacker stole cash from hot wallets and traded them for ETH via the DEX aggregator 1inch, according to Peckshield’s own investigation into the attack.

The hacker has been routinely using decentralized exchange (DEX) aggregator 1inch to exchange stolen assets for cryptocurrency ether (ETH), then depositing the ETH into privacy mixer Tornado Cash using a secondary address, making the hijacked funds harder to track.

Bitmart staff first stated that the outflows were “normal withdrawals” on an official Telegram channel, dismissing reports of the hack as “false news.”

Bitmart CEO Sheldon Xia later admitted that the outflows were really the consequence of a “security breach” hours later.

With a total loss of $196 million, this is one of the most costly centralized exchange attacks ever.

Huobi has pledged to assist BitMart

It would be beneficial if other cryptocurrency exchanges were made aware of substantial deposits made through the Tornado Cash platform. Huobi has stated on Twitter that it is eager to assist in identifying inflows of assets related to the attack.

The Zcash team used open-source research to create Tornado Cash. Tornado Cash was also utilized as an anonymizer earlier this week in the MonoX Finance DeFi Protocol Hack.

