The activities of hackers seem to be increasing even in the face of advancement in security technology. Surprisingly, even with the use of private keys, the crypto network is still not impenetrable.
As of Saturday, December 4th, one of the popular cryptocurrency trading platforms, Bitmart, experienced a security breach that gave hackers access to users’ funds. These unidentified hackers stole assets estimated to be worth $196m.
According to Bitmart, the large-scale security breach affected only Ethereum and Binance Smart Chain hot wallets.
If there’s anything that the net has made people believe about digital currency, the system is highly secured. Aside from being a “digital currency,” cryptocurrency uses blockchain technology to ensure that crypto users’ holdings are secure. This supposedly makes it difficult to hack, change or cheat the system.
How is this achieved? Cryptography – storing information in the form of codes.
The crypto network is not like the regular banks where thieves can break in and steal money. Without the private key, one cannot access the funds or transactions on a particular address. Perhaps this explains why many began to invest heavily in cryptocurrency. In 2020 alone, about 65% of crypto investors joined the network.
However, the crypto network may not always be as secure as it sounds.
One of the leading crypto exchange and trading platforms, BitMart, has reportedly been hacked and about $200 million worth of tokens stolen. Apparently, there was a breach in the platform’s security, resulting in access to its wallets.
From reports, only two wallets were affected – one storing Bitcoin smart chain tokens and one storing Ethereum. Other assets are “safe and unharmed,” according to BitMart. Yet, this resulted in a significant loss of customers’ funds, although the exchange said the wallets “carry a small percentage of assets on BitMart.”
The losses were estimated at $100m cash equivalent of Ethereum and a $96m cash equivalent of Binance Smart Chain.
Hot wallets are usually connected to the Internet to make it relatively easy for owners to access and transact with their coins. It appears that the trade-off for the convenience that a hot wallet offers is potential exposure to hacking.
On Saturday, the first security company to notice the breach reported a consistent outflow of tens of millions worth of cryptocurrencies from one of Bitmart’s addresses. BitMart initially debunked the report, calling it “fake news” on its official Telegram channel.
The destination address of the outflow was not yet known and may remain a mystery due to the untrackable nature of cryptocurrency. The “bank heist” was later confirmed by a trusted source – one of the company’s insiders, Sheldon Xia.
One authority described what transpired following the breach as “transfer-out, swap, and wash.” This term explained that the hackers exchanged the stolen tokens after moving the funds out of Bitmart’s wallet. The hackers reportedly used the “1 inch” – a decentralized exchange aggregator to achieve this.
To make it hard to trace the funds, the hackers afterward deposited the ether coins into a privacy mixer called Tornado Cash.
According to Jack Moore, a cyber security specialist at ESET, “Sending funds to an Ethereum mixing service is increasingly common for those wanting to evade being followed by the authorities”. He added, “so better initial prevention for those with digital funds is vital to help mitigate this growing trend.”
Rick Holland, Digital Shadow’s chief information security officer, further explained to CBNC that these hackers often combine illegal funds with real crypto. This process allows them to create a new type of cryptocurrency to facilitate swapping.
BitMart temporarily suspended the deposit and withdrawal functions on the exchange, setting them to resume on Tuesday, December 7th.
Although the company has accepted responsibility for the loss, agreeing to compensate the victims of the cyber theft, there is still a need to strengthen security.
According to Mr. Moore, “The technology holding up cryptocurrencies makes it far too easy to steal large sums of money, with often little or no trace as to where the money has gone or who has stolen it.”
Many security specialists have suggested extra layers of protection, such as two-factor authentication, to curb cyber theft, thereby strengthening the security of funds on different exchanges. This will require a user to provide additional information aside from username and password to access a crypto account.
The additional information may include a secret question, personal possession, or a person’s voice or fingerprint. This may make it difficult for someone with only basic information – such as username and password- to access the account.
In the words of Bobby Ong, CoinGecko co-founder and chief operating officer, ” Exchanges are a honeypot for hackers because of the high potential payoff for any successful exploit.” The crypto network has proven it is not immune to cyberattacks, revealing the need for more robust security measures to be initiated.