As regulatory uncertainty continues to plague the global digital asset ecosystem, many anti-encryption proponents continue to emphasize that the entire industry still has a long way to go to rival the traditional financial system in terms of protecting itself anywhere.Now with The recent Bitmart hacking incident was exposed, These people were given more firepower.
Recall that on December 5, the cryptocurrency exchange Bitmart suffered a major hacking attack. The platform lost nearly 200 million U.S. dollars due to the compromise of the hot wallet hosted on the Ethereum and Binance smart chain blockchains.The vulnerability was first exposed by the blockchain security company Peckshield. Its network security team revealed that a malicious third party was able to transfer approximately US$100 million through the Ethereum blockchain at first, followed by a concurrent hacking of US$96 million. use The BSC reserve of the cryptocurrency exchange.
Hackers can accumulate more than 20 tokens, including many altcoins, such as Binance Coin (Bitcoin), SafeMoon (SAFEMOON), BSC-USD and BNBBPay (BPay). They are also able to steal a considerable number of memetic tokens, including Baby Doge Coin (BabyDoge), Floki Inu (FLOKI) and Moonshot (MOONSHOT).According to PeckShield’s security team, the entire solution can be Attributed to To a simple “transfer, exchange and clean” operation.
To better understand how the entire incident happened, Cointelegraph contacted Bitmart. A spokesperson for the trading platform pointed out that once violations were discovered, the company took actions to shut down multiple systems to “limit any form of direct damage”-these actions include stopping token withdrawals and preventing users from trading certain currencies Yes. The representative added:
“We plan to continue to restore services gradually, but will only follow the thorough testing process of our security team. Security remains our top priority. In fact, as of Tuesday, December 7, 2021, we have restored ETH and Deposit and withdrawal of ERC20 tokens.”
In addition, the exchange’s written response also emphasized that in order to strengthen its local security infrastructure, Bitmart has replaced all token deposit addresses related to currencies such as Bitcoin (Bitcoin), ether (Ethereum) And Solana (Sol), and all other tokens involved in the event. The statement finally said: “We have also notified our users of the relevant changes.”
Finally, on December 6, Sheldon Xia, the founder and CEO of BitMart, Announce Through Twitter, xchange will use its own funds to compensate for any losses caused by the incident: “We are still talking with multiple project teams to confirm the most reasonable solution, such as token exchange. It will not damage user assets.”
The crypto community shows solidarity
After nearly 200 million USD in hacking, members of the Global Shiba Inu (SHIB) community and the cryptocurrency exchange Huobi Global Jump in to provide Bitmart provides any kind of assistance required by the exchange, which can not only strengthen its existing security settings, but also accurately monitor the inflow of its misplaced assets.
In an interview with Cointelegraph, Huobi Global Strategy Director Jeff Mei pointed out that in Bitmart-related cases, transparency and immediate action must be the top priority, adding:
“Exchanges should remind their users, other exchanges and law enforcement agencies as soon as possible, and be transparent about their work to deal with hacking attacks and user funds loss.”
In addition, Mei emphasized that users should avoid concentrating all their assets on one platform or one wallet. If users feel that something suspicious may have happened, they should not hesitate to contact relevant exchanges and inform them of potential security incidents.
Much like Huobi, the Shiba Inu community has also confirmed its intention to help Bitmart, adding that it has stepped up its efforts to review ShibaSwap, a decentralized exchange (DEX) established by the community, for any potential security threats.
Need more education
Raimundo Castilla, CEO of Prosegur Crypto, a digital asset custody platform, told Cointelegraph that Bitmart’s recent security breaches are easily preventable, provided that users of the platform have received sufficient education to keep their digital assets externally rather than traded. The institute itself:
“The hot wallet should only be used for the funds you want to trade. This money should be kept in a cold storage with an airtight system and 100% offline transactions.”
Nevertheless, Castilla continues to add that in order for platforms like Bitmart to prevent future accidents, they need to use a combination of innovative technologies and strict governance protocols. First, their private keys should not be protected online, because anything stored online is vulnerable to attack, no matter how well protected it is. “They should use a whitelist so that even if someone has access to any private key, he can only send funds to the pre-confirmed wallet direction,” he explained.
In addition, Bitmart may adopt an advanced multi-party computing (MPC) joint signature system, which utilizes a multi-signature approval module. This will require the hacker to need several people to approve the transaction in question.
Castilla added: “Just cracking a private key will not help at all.” In addition, someone who plays the role of a key account manager could have stepped in and “stopped the transaction to contact the customer to see if it was legal.”
Better security measures are needed now
As the crypto ecosystem seems to be continuously impacted by malicious hacking incidents, it’s worth noting that the recent digital asset lending platform Celsius has also confirmed that it has Facing a loss of $50 million Through the use of vulnerabilities related to the Decentralized Finance (DeFi) protocol BadgerDAO.
Report the attack first Surfaced On December 9, the core development team of the agreement announced that they had received “multiple unauthorized withdrawals and exports” related to their customers. After that, they suspended all existing smart contracts to mitigate more potential losses.
In other words, it’s not all bad news recently, because the cross-chain protocol Synapse Bridge revealed on November 9 that its security team was able to Avoid millions of dollars in exploits On the Avalanche Neutral Dollar (nUSD) pool, prevent criminals from using digital currencies worth nearly 8 million U.S. dollars for transactions.