With reports of crypto-related hacks are increasing again, it seems that platforms can do more to reassure investors
Many anti-crypto supporters tend to stress the fact that the industry as a whole has a long road ahead when it comes to protecting itself in a way that is equivalent to the traditional finance system, as regulatory instability remains to affect the global digital asset ecosystem. These people have been provided much more power as a result of the latest Bitmart breach.
To summarise, on December 5, cryptocurrency exchange Bitmart was the target of a severe attack that resulted in the company losing around $200 million due to a hot wallet compromise located on the Ethereum and Binance Smart Chain blockchains.
The attack was first discovered by blockchain security firm Peckshield, whose cybersecurity team confirmed that malicious third parties were able to initially transfer nearly $100 million through the Ethereum blockchain, accompanied by some other concurrent hack of $96 million through using crypto exchange's BSC reserves.
Over 20 tokens were acquired by the hackers, along with several altcoins like Binance Coin (BNB), SafeMoon (SAFEMOON), BSC-USD, and BNBBPay (BPay). They also got their hands on a variety of meme tokens, such as Baby DogeCoin (BabyDoge), Floki Inu (FLOKI), and Moonshot (MOONSHOT). The overall plan, according to PeckShield's security team, may be connected to a simple "transfer-out, swap, and wash" technique.
According to the data. As per a trading platform representative, immediately as the hack was detected, the firm intervened by closing down numerous systems to "limit any sort of immediate harm" the measures included blocking token withdrawals and restricting users from trading certain pairs. In addition, the spokesman stated:
“We plan to continue to gradually restore services but only following our security team’s thorough testing process. Security remains our No. 1 priority. In fact, as of Tuesday, Dec. 7, 2021, EST we have resumed ETH and ERC20 token deposits and withdrawals.”
Bitmart also stated in a written response that, in addition, to develop its native security structure, it has updated all of its token deposit addresses for currencies like Bitcoin (BTC), Ether (ETH), and Solana (SOL), and all other tokens affected in the situation. “We have also notified our users of the pertinent changes”, the statement said.
However, on December 6, Sheldon Xia, founder and CEO of BitMart, revealed through Twitter that the exchange will utilise its funds to reimburse for any losses caused by the attack: “We are also talking to multiple project teams to confirm the most reasonable solutions such as token swaps. No user assets will be harmed.”
The crypto community stands together
After the nearly $200 million hacks, members of the global Shiba Inu (SHIB) community and crypto exchange Huobi Global moved in to provide Bitmart with any support it required to not only enhance its existing security setup and also keep an exact record of the inflows of its lost funds.
Huobi's head of global strategy, Jeff Mei, stated that in incidents similar to the ones involving Bitmart, clarity and prompt action must be prioritised, adding:
“Exchanges should alert their users, other exchanges and law enforcement authorities as soon as possible and be transparent about what they are doing to handle the hack and the loss of user funds.”
Furthermore, Mei noted that users should resist pooling all of their assets on a common platform or wallet, and if they suspect something suspicious is happening, they should contact the respective exchange and inform them of the possible security concern.
The Shiba Inu community, like Huobi, stated that it intends to assist Bitmart and that it has already increased its measures to analyse any possible safety risks for ShibaSwap, a community-built decentralised exchange (DEX).
There is a need for more knowledge
What happened to Bitmart with its latest security hack, according to Raimundo Castilla, CEO of digital asset custody platform Prosegur Crypto, could have been easily avoided if the firm's users had been informed properly to store their digital assets externally instead of on the exchange itself:
“Hot wallets should be reserved just for the funds you want to trade with. This amount of money should have been guarded on cold storage with an air-gapped system and 100% offline transactions.”
However, Castilla added, for platforms like Bitmart to avoid such mishaps, they must use a balance of unique technology and strict governance protocols. For starters, their credentials should not have been recorded and stored online since anything saved online, no matter how closely secured, is open to attacks. He explained, "They should have worked with whitelisting so that even if someone had access to any private key, he could only transfer cash to a pre-confirmed wallet direction."
Furthermore, Bitmart could've used a multi-signature authorization module as part of an advanced multiparty computation (MPC) co-signing system. The hackers would have needed multiple people to authorize the transactions in concern.
"Hacking only one private key can accomplish nothing at all," Castilla added. In addition, someone acting as a key account manager may have moved in and “stopped the transaction to get to the client to see if it was legitimate.”
The necessity for improved security methods is vital
With the crypto industry appearing afflicted by malicious hacking incidents, it's worthy of note that digital asset lending platform Celsius recently confirmed that it had suffered a $50 million loss as a result of an attack involving decentralised finance (DeFi) protocol BadgerDAO.
The protocol's core development team initially reported the attack on December 9, stating they got "multiple exports of unauthorised withdrawals" linked to their users. They then stopped all of their current smart contracts to avoid any more losses.
However, this hasn't all been disappointing news lately, as cross-chain protocol Synapse Bridge announced on Nov. 9 that its security team was able to prevent a multimillion-dollar attack on the Avalanche Neutral Dollar (nUSD) meta pool, stopping hackers from looting roughly $8 million in digital currencies.