threatpost.com
35.173.160.135
Public Scan
Submitted URL: https://threatpost.com/crypto-exchange-bitmart-theft/176805/#respond'
Effective URL: https://threatpost.com/crypto-exchange-bitmart-theft/176805/
Submission: On December 07 via api from US — Scanned from DE
Form analysis
4 forms found in the DOM
POST /crypto-exchange-bitmart-theft/176805/#gf_5
<form method="post" enctype="multipart/form-data" target="gform_ajax_frame_5" id="gform_5" action="/crypto-exchange-bitmart-theft/176805/#gf_5">
<div class="gform_body">
<ul id="gform_fields_5" class="gform_fields top_label form_sublabel_below description_below">
<li id="field_5_8" class="gfield field_sublabel_below field_description_below gfield_visibility_visible"><label class="gfield_label" for="input_5_8"></label>
<div class="ginput_container ginput_container_text"><input name="input_8" id="input_5_8" type="text" value="" class="medium" placeholder="Your name" aria-invalid="false"></div>
</li>
<li id="field_5_1" class="gfield gfield_contains_required field_sublabel_below field_description_below gfield_visibility_visible"><label class="gfield_label" for="input_5_1"><span class="gfield_required">*</span></label>
<div class="ginput_container ginput_container_email">
<input name="input_1" id="input_5_1" type="text" value="" class="medium" placeholder="Your e-mail address" aria-required="true" aria-invalid="false">
</div>
</li>
<li id="field_5_9" class="gfield js-kaspersky-gform-recaptcha-placeholder gform_hidden field_sublabel_below field_description_below gfield_visibility_hidden"><input name="input_9" id="input_5_9" type="hidden" class="gform_hidden"
aria-invalid="false" value=""></li>
<li id="field_5_2" class="gfield input-without-label label-gdpr gfield_contains_required field_sublabel_below field_description_below gfield_visibility_visible"><label class="gfield_label"><span class="gfield_required">*</span></label>
<div class="ginput_container ginput_container_checkbox">
<ul class="gfield_checkbox" id="input_5_2">
<li class="gchoice_5_2_1">
<input name="input_2.1" type="checkbox" value="I agree" id="choice_5_2_1">
<label for="choice_5_2_1" id="label_5_2_1">I agree to my personal data being stored and used to receive the newsletter</label>
</li>
</ul>
</div>
</li>
<li id="field_5_5" class="gfield input-without-label label-gdpr gfield_contains_required field_sublabel_below field_description_below gfield_visibility_visible"><label class="gfield_label"><span class="gfield_required">*</span></label>
<div class="ginput_container ginput_container_checkbox">
<ul class="gfield_checkbox" id="input_5_5">
<li class="gchoice_5_5_1">
<input name="input_5.1" type="checkbox" value="I agree" id="choice_5_5_1">
<label for="choice_5_5_1" id="label_5_5_1">I agree to accept information and occasional commercial offers from Threatpost partners</label>
</li>
</ul>
</div>
</li>
<li id="field_5_10" class="gfield gform_validation_container field_sublabel_below field_description_below gfield_visibility_visible"><label class="gfield_label" for="input_5_10">Phone</label>
<div class="ginput_container"><input name="input_10" id="input_5_10" type="text" value=""></div>
<div class="gfield_description" id="gfield_description__10">This field is for validation purposes and should be left unchanged.</div>
</li>
</ul>
</div>
<div class="gform_footer top_label">
<input type="submit" id="gform_submit_button_5" class="gform_button button" value="Subscribe" onclick='if(window["gf_submitting_5"]){return false;} window["gf_submitting_5"]=true; '
onkeypress='if( event.keyCode == 13 ){ if(window["gf_submitting_5"]){return false;} window["gf_submitting_5"]=true; jQuery("#gform_5").trigger("submit",[true]); }' style="display: none;">
<input type="hidden" name="gform_ajax" value="form_id=5&title=&description=&tabindex=0">
<input type="hidden" class="gform_hidden" name="is_submit_5" value="1">
<input type="hidden" class="gform_hidden" name="gform_submit" value="5">
<input type="hidden" class="gform_hidden" name="gform_unique_id" value="">
<input type="hidden" class="gform_hidden" name="state_5" value="WyJbXSIsImIwODQwZTA2ZGQ0NzYwODcyOTBkZjNmZDM1NDk2Y2ZkIl0=">
<input type="hidden" class="gform_hidden" name="gform_target_page_number_5" id="gform_target_page_number_5" value="0">
<input type="hidden" class="gform_hidden" name="gform_source_page_number_5" id="gform_source_page_number_5" value="1">
<input type="hidden" name="gform_field_values" value="">
</div>
</form>
GET https://threatpost.com/
<form class="c-site-search__form" role="search" method="get" action="https://threatpost.com/">
<input type="text" class="c-site-search__field" name="s" placeholder="Search">
<button type="submit" class="c-button c-button--secondary c-button--smaller c-site-search__button" value="Search"><svg class="icon fill">
<use xmlns:xlink="http://www.w3.org/1999/xlink" xlink:href="https://threatpost.com/wp-content/themes/threatpost-2018/assets/sprite/icons.svg#icon-search"></use>
</svg> Search</button>
<div class="c-site-search__overlay"></div>
</form>
POST https://threatpost.com/wp-comments-post.php
<form action="https://threatpost.com/wp-comments-post.php" method="post" id="commentform" class="comment-form">
<div class="o-row">
<div class="o-col-12@md">
<div class="c-form-element"><textarea id="comment" name="comment" cols="45" rows="8" aria-required="true" placeholder="Write a reply..."></textarea></div>
</div>
</div>
<div class="o-row">
<div class="o-col-6@md">
<div class="c-form-element"><input id="author" name="author" placeholder="Your name" type="text" value="" size="30"></div>
</div>
<div class="o-col-6@md">
<div class="c-form-element"><input id="email" name="email" placeholder="Your email" type="text" value="" size="30"></div>
</div>
</div>
<p class="form-submit"><input name="submit" type="submit" id="submit" class="c-button c-button--primary" value="Send Comment"> <input type="hidden" name="comment_post_ID" value="176805" id="comment_post_ID">
<input type="hidden" name="comment_parent" id="comment_parent" value="0">
</p>
<p style="display: none;"><input type="hidden" id="akismet_comment_nonce" name="akismet_comment_nonce" value="521b77e2d1"></p><!-- the following input field has been added by the Honeypot Comments plugin to thwart spambots -->
<input type="hidden" id="Ayj6Xsxku6dJIvupDCKEclkt2" name="6DxYBicaKAHliZ6mGyHEPytpP">
<script type="text/javascript">
document.addEventListener("input", function(event) {
if (!event.target.closest("#comment")) return;
var captchaContainer = null;
captchaContainer = grecaptcha.render("recaptcha-submit-btn-area", {
"sitekey": "6LfsdrAaAAAAAMVKgei6k0EaDBTgmKv6ZQrG7aEs",
"theme": "standard"
});
});
</script>
<script src="https://www.google.com/recaptcha/api.js?hl=en&render=explicit" async="" defer=""></script>
<div id="recaptcha-submit-btn-area"> </div>
<noscript>
<style type="text/css">
#form-submit-save {
display: none;
}
</style>
<input name="submit" type="submit" id="submit-alt" tabindex="6" value="Submit Comment">
</noscript><textarea name="ak_hp_textarea" cols="45" rows="8" maxlength="100" style="display: none !important;"></textarea><input type="hidden" id="ak_js" name="ak_js" value="1638908276850">
</form>
GET https://threatpost.com/
<form class="c-site-search__form" role="search" method="get" action="https://threatpost.com/">
<input type="text" class="c-site-search__field" name="s" placeholder="Search">
<button type="submit" class="c-button c-button--secondary c-button--smaller c-site-search__button" value="Search"><svg class="icon fill">
<use xmlns:xlink="http://www.w3.org/1999/xlink" xlink:href="https://threatpost.com/wp-content/themes/threatpost-2018/assets/sprite/icons.svg#icon-search"></use>
</svg> Search</button>
<div class="c-site-search__overlay"></div>
</form>
Text Content
CRYPTO-EXCHANGE BITMART TO PAY USERS FOR $200M THEFT

Author: Lisa Vaas
December 6, 2021 5:09 pm
3 minute read

BitMart confirmed it had been drained of ~$150 million in cryptocurrency assets, but a blockchain security firm said it’s closer to $200 million.

Cryptocurrency exchange BitMart has pledged to dig into its own pocket to pay back users affected in a cyberattack that drained it of about $150 million worth of cryptocurrencies, according to a tweet put out by BitMart CEO Sheldon Xia on Monday.

> “BitMart will use our own funding to cover the incident and compensate affected users. We are also talking to multiple project teams to confirm the most reasonable solutions such as token swaps. No user assets will be harmed.”
> —@sheldonbitmart

On Saturday, BitMart announced that attackers had stolen a private key and compromised two of the exchange’s hot wallets on the Ethereum (ETH) blockchain and the Binance smart chain (BSC), making off with approximately $150 million worth of assets in a “large-scale security breach.”

However, blockchain-security and data-analytics firm PeckShield – the first to notice the breach on Saturday – estimated that the loss is closer to $200 million. On the day of the breach, PeckShield tweeted out a list of affected assets/amounts on @BinanceChain, noting that the losses were worth about $100 million from the Ethereum wallet and about 96 million on the Binance Chain wallet.

The assailants made off with a mix of more than 20 tokens, including binance coin, safemoon and shiba inu.

BitMart hasn’t figured out exactly how the attackers pulled off the breach, but what happened after was pretty straightforward, according to PeckShield: It was a classic case of “transfer-out, swap and wash.”

PeckShield shared an illustration of the attack chain, shown below.

[Figure: The transfer-out, swap and wash rip-off. Source: PeckShield.]

The infographic depicts funds being transferred out of BitMart, after which the thieves apparently used the decentralized exchange aggregator known as 1inch to exchange the stolen tokens for Ether. Then, they deposited the Ether coins into a privacy mixer known as Tornado Cash: A “washer” that makes the funds tough to trace by breaking the on-chain link between source and destination addresses.

It’s not known if particular users were targeted.

HOT VS. COLD WALLETS

In cryptocurrency-speak, a hot wallet refers to a wallet – a collection of private keys – that’s connected to the internet. That internet connection makes hot wallets vulnerable to threat actors that can steal funds, but it also makes them faster than unconnected, more secure, slower cold wallets.

BitMart noted that the affected wallets carried only “a small percentage” of its assets and that the remainder of its wallets escaped unscathed.

The exchange has temporarily suspended withdrawals until further notice. Xia said on Twitter that BitMart is “doing our best to retrieve security setups” and resume operations. “We need time to make proper arrangements and your kind understanding during this period will be highly appreciated,” he said.

BitMart is now conducting “a thorough security review” and promised to post updates as its investigation progresses.

In addition, Xia will conduct an “ask me anything” session at 8 p.m. ET on Monday evening to share more about the breach, the compensation arrangement and the company’s plan to resume operation.

Xia said that BitMart is confident that deposits and withdrawals will gradually resume tomorrow, Dec. 7, and that detailed timelines will be announced “very soon.”

The BitMart heist is just the latest in a string of attacks that have targeted cryptocurrency platforms including Poly Network, Cream Finance, Liquid and bZx. Last week, an attacker stole $120 million in cryptocurrency by compromising the BadgerDAO decentralized finance (DeFi) website, draining dozens of wallets before it could freeze its vaults.

“It’s no surprise that attackers are targeting cryptocurrency exchanges, in many ways they are the new banks, which makes this a modern version of a bank heist with arguably less risk and less effort,” Steve Forbes, government cybersecurity expert at Nominet, said via email. “With a lot of media focus around the use of cryptocurrency for nefarious purposes, I expect these criminals are also hoping to attract less attention from law enforcement.”