- Bitmart to refund users fund affected during Saturday hack.
- Exchange says hack was possible after hackers stole its private keys.
- Firm completes initial security checks and working on covering leakages.
CEO of BitMart, Sheldon Xia, has promised that the exchange will refund all users who were affected in the $196m hack on Saturday night. The exchange said it would pay back from its pocket.
The CEO made the announcement in a Twitter post on Monday confirming that the hack was successful after hackers were able to steal private keys to two of BitMart’s hot wallets.
“BitMart will use our funding to cover the incident and compensate affected users,” wrote Xia. “We are also talking to multiple project teams to confirm the most reasonable solutions such as token swaps. No user assets will be harmed.”
“We are also talking to multiple project teams to confirm the most reasonable solutions such as token swaps. No user assets will be harmed, he wrote further.
1/4 In response to this incident, BitMart has completed initial security checks and identified affected assets. This security breach was mainly caused by a stolen private key that had two of our hot wallets compromised. Other assets with BitMart are safe and unharmed.— Sheldon Xia (@sheldonbitmart) December 6, 2021
The exchange suffered “a large-scale security breach,” which resulted in the exchange’s Ethereum (ETH) and Binance Smart Chain (BSC) hot wallets being compromised.
In response to the hack, the exchange said it has completed initial security checks and identified affected assets noting that the hack was successful because of the stolen private key.
Bitmart said the hackers managed to make off with about $150 million in stolen funds. However, according to blockchain security firm Peckshield, the total estimated loss is closer to $200 million, with approximately $100 million in assets issued on the Ethereum blockchain and about $96 million in BSC-based assets stolen.
According to the blockchain security firm, the attack was straightforward. The hacker swapped the stolen tokens through decentralized exchange (DEX) aggregator 1inch and used Tornado Cash, a mixing service for the Ethereum blockchain, to obfuscate their identities.
“The affected ETH hot wallet and BSC hot wallet carry a small percentage of assets on BitMart and all of our other wallets are secure and unharmed,” the exchange however, said in a statement.