Cryptocurrency exchange BitMart suffered a breach in which threat actors stole more than $100 million in assets.
In statements issued through Telegram, Twitter and BitMart's support page over the weekend, the exchange described the incident as "large scale" and determined it was related to one of its Ethereum hot wallets and one of its Binance Smart Chain hot wallets, used for cryptocurrency transactions. All other wallets, according to the statement, are "secure and unharmed;" however, withdrawals were suspended while BitMart investigates the breach.
The statement also revealed that approximately $150 million was taken, which BitMart referred to as "a small percentage of assets."
BitMart CEO Sheldon Xia attributed the breach "mainly" to a stolen private key, according to a security update posted to Twitter Sunday. He also said initial security checks were completed and affected assets were identified, and that BitMart will use its own funding to reimburse affected users.
"We are also talking to multiple project teams to confirm the most reasonable solutions such as token swaps. No user assets will be harmed," Xia wrote on Twitter.
On Dec. 2, users on BitMart's Telegram channel complained of verification failures. The following day, they cited issues with buying, selling, trading and withdrawing. On Dec. 6, Xia updated BitMart users with his statement on Twitter, saying he was "confident" that deposit and withdrawal functions will "gradually begin on Dec. 7."
Additional updates were also posted to Telegram Monday. An individual claiming to be a BitMart admin said the exchange is "tracking the hacker's activities and doing our best to recover stolen assets." The admin also warned users not to "trust any unofficial personnel or info."
"We only have one official telegram community and we do not have any tech-support telegram channel. Be aware of scammers and fake Telegram group," the admin wrote on Telegram.
The company said Xia will address the security breach, compensation arrangements and plans to resume operations Monday night on Telegram.
Cyber attacks against cryptocurrency exchanges are seemingly on the rise. Last month, BTC-Alpha confirmed it was the victim of a ransomware attack. Though BTC-Alpha founder Vitalii Bodnar said no hashed passwords were comprised and users' balances were not impacted, users cited issues with logging in and not being able to withdraw funds.