Security company Peckshield has reported a hack of two Bitmart wallets that used 1inch DEX aggregator to swap stolen tokens for ETH.
Two BitMart hot wallets have been hacked. One of the hot wallets was an ETH wallet, the other a BSC wallet. The method of attack is not yet known, although BitMart estimates losses at around $150M. The other BitMart hot wallets are intact, and BitMart is undertaking a security review and has suspended withdrawals until further notice.
Via BitMart’s official Telegram channel, it claimed that the withdrawals from those wallets were not out of the ordinary, but later admitted the attack via the CEO’s Twitter. Following the hack, BitMart’s native exchange token has dropped 9.7% in the last 24 hours, and is now sitting at $0.323248.
Losses understated, says Peckshield
Blockchain security company Peckshield Inc estimates the losses to be in the region of $196M, with approximately 100M lost from the ETH wallet and roughly $96M on Binance Smart Chain. The affected BSC assets include SAFEMOON, X2P, FLNS, BabyDoge, HERO, STARSHIP, FLOKI, JULb, CMCX, GMR, SPE, BETU, GMEX, ZOE, MOONSHOT, BPAY, STACK, EnergyX, BSC-USD, and BNB. Peckshield has revealed from its own investigation of the attack that the hacker withdrew funds from hot wallets and swapped them for ETH using the DEX aggregator called 1inch.
The funds were then routed through Tornado Cash, a privacy mixing protocol for the Ethereum blockchain that breaks the on-chain link between source and destination addresses by using a smart contract that acts as a pool that accepts ETH deposits from one address and, and enables withdrawal from another address. The mixer pools funds from multiple users before a transaction reaches its destination. Once the mixing takes place, it is not easy to know where the money went, who transacted, and how much crypto was involved in the transaction.
Huobi commits to helping BitMart
It is helpful if other crypto exchanges are alert to large deposits being made from the Tornado Cash platform. Huobi has indicated via its Twitter account that they are willing to assist to identify inflows of assets involved in the hack.
What do you think about this subject? Write to us and tell us!