The new DEFI platform enters the market! Earn passively - token sale 0.25 $ I'm going in!

Bitmart promises to compensate hack victims as the crypto community unites to support

6 min reading

With reports of crypto-related hacks are increasing again, it seems that platforms can do more to reassure investors

Many anti-crypto supporters tend to stress the fact that the industry as a whole has a long road ahead when it comes to protecting itself in a way that is equivalent to the traditional finance system, as regulatory instability remains to affect the global digital asset ecosystem. These people have been provided much more power as a result of the latest Bitmart breach.

To summarise, on December 5, cryptocurrency exchange Bitmart was the target of a severe attack that resulted in the company losing around $200 million due to a hot wallet compromise located on the Ethereum and Binance Smart Chain blockchains.

The attack was first discovered by blockchain security firm Peckshield, whose cybersecurity team confirmed that malicious third parties were able to initially transfer nearly $100 million through the Ethereum blockchain, accompanied by some other concurrent hack of $96 million through using crypto exchange's BSC reserves.

Over 20 tokens were acquired by the hackers, along with several altcoins like Binance Coin (BNB), SafeMoon (SAFEMOON), BSC-USD, and BNBBPay (BPay). They also got their hands on a variety of meme tokens, such as Baby DogeCoin (BabyDoge), Floki Inu (FLOKI), and Moonshot (MOONSHOT). The overall plan, according to PeckShield's security team, may be connected to a simple "transfer-out, swap, and wash" technique.

Bitmart reacts

According to the data. As per a trading platform representative, immediately as the hack was detected, the firm intervened by closing down numerous systems to "limit any sort of immediate harm" the measures included blocking token withdrawals and restricting users from trading certain pairs. In addition, the spokesman stated:

“We plan to continue to gradually restore services but only following our security team’s thorough testing process. Security remains our No. 1 priority. In fact, as of Tuesday, Dec. 7, 2021, EST we have resumed ETH and ERC20 token deposits and withdrawals.”

Bitmart also stated in a written response that, in addition, to develop its native security structure, it has updated all of its token deposit addresses for currencies like Bitcoin (BTC), Ether (ETH), and Solana (SOL), and all other tokens affected in the situation. “We have also notified our users of the pertinent changes”, the statement said.

However, on December 6, Sheldon Xia, founder and CEO of BitMart, revealed through Twitter that the exchange will utilise its funds to reimburse for any losses caused by the attack: “We are also talking to multiple project teams to confirm the most reasonable solutions such as token swaps. No user assets will be harmed.”

The crypto community stands together

After the nearly $200 million hacks, members of the global Shiba Inu (SHIB) community and crypto exchange Huobi Global moved in to provide Bitmart with any support it required to not only enhance its existing security setup and also keep an exact record of the inflows of its lost funds.

Huobi's head of global strategy, Jeff Mei, stated that in incidents similar to the ones involving Bitmart, clarity and prompt action must be prioritised, adding:

“Exchanges should alert their users, other exchanges and law enforcement authorities as soon as possible and be transparent about what they are doing to handle the hack and the loss of user funds.”

Furthermore, Mei noted that users should resist pooling all of their assets on a common platform or wallet, and if they suspect something suspicious is happening, they should contact the respective exchange and inform them of the possible security concern.

The Shiba Inu community, like Huobi, stated that it intends to assist Bitmart and that it has already increased its measures to analyse any possible safety risks for ShibaSwap, a community-built decentralised exchange (DEX).

There is a need for more knowledge

What happened to Bitmart with its latest security hack, according to Raimundo Castilla, CEO of digital asset custody platform Prosegur Crypto, could have been easily avoided if the firm's users had been informed properly to store their digital assets externally instead of on the exchange itself:

“Hot wallets should be reserved just for the funds you want to trade with. This amount of money should have been guarded on cold storage with an air-gapped system and 100% offline transactions.”

However, Castilla added, for platforms like Bitmart to avoid such mishaps, they must use a balance of unique technology and strict governance protocols. For starters, their credentials should not have been recorded and stored online since anything saved online, no matter how closely secured, is open to attacks. He explained, "They should have worked with whitelisting so that even if someone had access to any private key, he could only transfer cash to a pre-confirmed wallet direction."

Furthermore, Bitmart could've used a multi-signature authorization module as part of an advanced multiparty computation (MPC) co-signing system. The hackers would have needed multiple people to authorize the transactions in concern.

"Hacking only one private key can accomplish nothing at all," Castilla added. In addition, someone acting as a key account manager may have moved in  and “stopped the transaction to get to the client to see if it was legitimate.”

The necessity for improved security methods is vital

With the crypto industry appearing afflicted by malicious hacking incidents, it's worthy of note that digital asset lending platform Celsius recently confirmed that it had suffered a $50 million loss as a result of an attack involving decentralised finance (DeFi) protocol BadgerDAO.

The protocol's core development team initially reported the attack on December 9, stating they got "multiple exports of unauthorised withdrawals" linked to their users. They then stopped all of their current smart contracts to avoid any more losses.

However, this hasn't all been disappointing news lately, as cross-chain protocol Synapse Bridge announced on Nov. 9 that its security team was able to prevent a multimillion-dollar attack on the Avalanche Neutral Dollar (nUSD) meta pool, stopping hackers from looting roughly $8 million in digital currencies.

Currency Exchange rate Buy cryptocurrency

Buy crypto now

Dear customer,

We use cookies to provide our services correctly and safely. Cookies are small text-based data sets that shall be saved on the device you are using in connection with the use of this instnat website. Cookies are created in order to ensure proper functioning of thes instant website. By clicking the button "I accept and go to the website", you implicitly agree to creation of the cookies on your computer and to deploy automatic tracking and data collection and processing on behalf of the Lushup Holdings FZ LEE. Click the above-captioned button is also tantamount to accepting website's privacy policy. Closing the notification by means of "X" is unequivocally connected with your consent. If you do not agree to any of the above, please discontinue using our Website.

“Cookies” shall make an identification of the software used by you and to customization of this instant website to your needs. Cookies contain the name of the domain from which they origin, duration of period of their storage on your computer and an assigned value.

Third party cookies:
We also use third-party cookies for the following purposes:

  • creating statistics - helping to understand the way Users use the Website, which allows to improve its structure and content with use of the analytical tools
  • defining a user profile - in order to display custom-tailored content in advertising networks.

External entities that might be source of any third-party cookies on this instant Website are as follows:

Using a settings of your web browser or by using pre-set configuration tools available in our service you can independently and at any time change the settings concerning your use of the “cookies”, specifying the conditionsof their storage and how your device is creating and downloading them. These settings can be changed to block the automatic handling of cookies in the settings of your web browser or inform about their placement on your device each time.

Detailed information about the options related to use of “cookies” is available in the settings of your software (web browser).

Service privacy policy

This instant document lays out the principles of the Privacy Policy on the website (hereinafter referred to as the "Website" or "Service"). The administrator of the Website is Lushup Holdings FZ LEE, Fujairah - Creative Tower, P.O.Box 4422 Fujairah, United Arabs Emirates.

The full document to read the Tokeneo privacy policy is available in this document.

Advanced settings can be changed in your browser.