Monday, December 6, 2021

Bitmart Hack - A deeper dive

Good morning lads. Hope you're all enjoying the dip. It's been a wild ride on the markets the last few days. I wanted to put together a post showing most of the hacking details and my own takes on Bitmart's actions. So without further ado let's dive right into the juicy details.

Last night two of Bitmart's hot wallets for their ETH and BSC assets were compromised. The thieves quickly began liquidating and moving everything to tornado.cash. You can view the carnage here:

BSC Wallet: https://bscscan.com/address/0x25fb126B6c6B5c8EF732b86822fA0F0024E16C61

ETH Wallet: https://etherscan.io/address/0x39fb0dcd13945b835d47410ae0de7181d3edf270

For those unfamiliar with tornado.cash, it's an ETH DEX that allows a user to deposit tokens and withdraw them on a separate address. It works similarly to a bitcoin tumbler and keeps the thieves from being easily tracked.

The news of a compromise hit Twitter from blockchain security and analytics firm Peckshield Inc. At 16:30 PST they posted a tweet showing the liquidation of multiple tokens: https://twitter.com/peckshield/status/1467289808045494276

Bitmart held 30T of our favorite moon shitcoin tokens in the wallet, amounting to over $41Mil. Some other notable shitcoins they liquidated were lots of the Dog based BSC shitcoins. They also grabbed a bunch of Cake, Pegged BSD, Axies.

The CEO of Bitmart, Sheldon Xia, acknowledged the hack about 2 hours later on his Twitter. Their initial claim is that 150Mil was liquidated and removed as a result of the breach. https://twitter.com/sheldonbitmart/status/1467316252855226368

That's a pretty hefty chunk of change to be losing. According to Bitmart's website: "Only less than 0.5% of our assets are stored in a hot wallet for daily operation in order to strengthen the protection of digital assets."

Now this doesn't specify if it's managed assets or Bitmart's own assets. So that's the damage, let's take a look at possible fallout.

As of 0700 PST the day after the breach, there is still NO notice of the breach on Bitmart's website, either on the frontpage or on their media section. The app also has no notice of the breach. They have posted on the official Twitter, but not having an official post on your website or app is inexcusable.

But wait it gets worse! Bitmart is also still allowing trading for all the compromised assets! And if you look at the logs, the hackers are still liquidating tokens! Some MANA was dumped from the ERC wallet and several shitcoins and CAKE from the BSC wallets yesterday morning.

The only step Bitmart has taken so far is to disable the ability to withdraw tokens, which users aren't even aware of until they go to withdraw and find the buttons disabled. Absolutely inexcusable from the self-proclaimed "most trusted cryptocurrency trading platform."

Now to the real nitty gritty. I've perused the Bitmart user agreement this morning to see what they may do in the event of a hack. I'll preface this by saying I'm not a lawyer, this isn't legal advice, I'm just an idiot reading while sipping my coffee.

There are 2 sections that I find concerning, if I was a Bitmart holder wondering if my assets went poof.

Section 4.7: Digital Currency Ownership. "As the owner of Digital Currency in your Digital Wallet, you shall bear all risk of loss of such Digital Currency."

Section 11.3: Limitation of Liability. "for any lost profits or any special, diminution in value or business opportunity, any loss, damage, corruption or breach of data or any other intangible property or any special, incidental, indirect, intangible or consequential damages, whether based in contract, tort, negligence, strict liability, or otherwise, arising out of or in connection with authorized or unauthorized use of the BitMart Site or the BitMart Services"

From my own understanding of the text, and please correct me if I'm wrong, Bitmart is pretty much free and clear of any liability from being legally liable for this hack. They aren't covered under FDIC or any other loss prevention agreement. It's entirely possible they call whoopsie and shrug their shoulders.

So, ideally Bitmart should repurchase the compromised assets at the current market price to make their customers whole, right? Well that may be an issue. Since the dip, many of the assets have rebounded a bit and now Bitmart is looking at significantly more than $150Mil to correct the error.

And do they even have that kinda money? According to a post on TechCrunch (https://techcrunch.com/2021/11/09/crypto-exchange-bitmart-in-talks-to-raise-at-300-million-valuation/), Bitmart only made $65Mil in revenue, not profit, in the first 6 months of 2021.

I couldn't locate any concrete revenue numbers but according to their weekly report from 11/22-11/28 their site peaked at $1.49B volume for a 24h period.

That's the breakdown. Bitmart got fucked hard and now we wait to see if the investors get fucked in turn.

TL;DR: Bitmart hasn't made a statement on their plans as of yet. They continue to allow trading but have disabled withdrawals. All without notice on the app/website; only Twitter. Not your keys, not your coins. Get your shit off shitty exchanges.

Edit: Attempted to post yesterday but automod hates any mention of shitcoins. Hopefully this satisfies the little bastard. Also prices have tanked since yesterday, so if Bitmart is buying back, now would be the time.

