BitMart Attack – Combatting Cyber Criminals’ Crypto Appetite

By   ISBuzz Team
Writer , Information Security Buzz | Dec 07, 2021 06:55 am PST

It has been reported that hackers have taken $196 million from crypto trading platform Bitmart, according to a security firm. Bitmart confirmed the hack in an official statement Saturday night, calling it “a large-scale security breach” and writing that hackers withdrew about $150 million in assets. However, blockchain security and data analytics firm Peckshield estimates that the loss is closer to $200 million.

Subscribe
Notify of
guest
3 Expert Comments
Newest
Oldest Most Voted
Inline Feedbacks
View all comments
Steve Bradford
Steve Bradford , Senior Vice President
December 7, 2021 2:58 pm

<p>The £113m crypto-currency exchange attack highlights just how attractive the market is for cyber criminals. As the appeal of these lucrative cryptocurrency companies continue to increase, so will their targetability. </p>
<p>Today’s news further reinforces just how susceptible crypto is to being successfully breached, and the need for organisations to put in place greater measures to ward off criminals.   </p>
<p>Layers of cyber defence is key, including multiple security controls, increasing visibility over who has access to what and when. This is crucial to spotting unusual, suspicious behaviour and dealing with threats well before a breach occurs.</p>
<p>This should be a standard best practice for cyber security and will reduce the risk of malicious threats as cyber criminals continue to demonstrate their appetite in this industry.</p>

Last edited 2 years ago by Steve Bradford
Dr. George Papamargaritis
Dr. George Papamargaritis , MSS Director
December 7, 2021 2:57 pm

<p>This incident is added to an extensive list of cryptocurrency thefts. Existing cryptocurrency service platforms – especially those which are distributed- face the challenge of pseudonymity and the fact that hackers apply new transaction obfuscation techniques to breach platforms. On the other hand, centralized exchange platforms are facing typical vulnerabilities of user front systems. </p>
<p>Known security issues of cryptocurrency service platforms may cause negative financial market effects, investors loss of interest or prices to drop. </p>
<p>The service providers need to review their exchange designs and existing authentication mechanisms even if two-factor authentication and PIN access are already in place. Identity protection needs to be enhanced and research should focus on the application of stronger transaction tainting methods and monitoring for insider threats or fraud. Moreover, they need to emphasize reactive mechanisms in order to recover from compromises. This would mean the capability to monitor in real-time for suspicious activity and proceed to automatically freeze withdrawals and bring a new trusted exchange ledger online very fast.</p>

Last edited 2 years ago by Dr. George Papamargaritis
Michael Barragry
Michael Barragry , Operations Lead and Security Consultant
December 7, 2021 2:56 pm

<p>Without any further detail, it is hard to say exactly what the route of attack was in this case. However, like the majority of other crypto exchange hacks, it looks like one of the hot wallets was compromised. </p>
<p>Hot wallets are maintained by exchanges to support liquidity for traders, and they are frequently topped up by the exchanges as needed (for example when trading volume increases). They would typically support a relatively high quantity of transactions as users deposit or withdraw funds, and they are therefore much more connected to automated processes and the underlying machinery of the exchange than other wallets (e.g. cold wallets).</p>
<p>Usually, the task of accessing a wallet can be reduced to gaining access to the private key of that wallet. Hot wallets, however, have a greater attack surface, so may be possible to compromise some other way, such as due to a flaw in an application that interacts with it.</p>

Last edited 2 years ago by Michael Barragry

Recent Posts

3
0
Would love your thoughts, please comment.x
()
x