Taking a Closer Look At Bitmart Exploit

4 min read

Learn how Bitmart was exploited, causing a loss of assets worth over $200 million.


On December 4, 2021, BitMart was exploited on its Ethereum and BNB Chain hot wallets, which resulted in a loss of assets worth approximately $200 million.

Introduction to Bitmart#

BitMart is a centralized exchange platform that supports crypto asset trading.

Vulnerability Assessment#

The root cause of the exploit is the compromise of the private keys. The hackers are believed to have obtained the private keys through a phishing attack or a social engineering attack.

Exploit on the Ethereum Mainnet#

The hacker was able to steal a total of $96 million worth of cryptocurrency from BitMart's hot wallets on the Ethereum blockchain.

Step 1:

The exploiter took away a total of 29 different tokens, including ETH and several other ERC20 tokens, worth approximately $90,487,593.

Step 2:

On December 4, 2021, the exploiter first stole and transferred 100 ETH and then 48.87 ETH, totaling approximately $599,576 from Bitmart's hot wallet, which was then transferred to this address of the exploiter.

Step 3:

The same address of the exploiter also later laundered 100 ETH worth of the stolen assets, amounting to $417,118, to Tornado Cash.

Step 4:

Approximately 18,044 ETH worth $74.07 million of the stolen assets were converted into ETH through 1inch and then transferred to another address of the exploiter.

Step 5:

In total, the second address of the exploiter received a total of 21,195 ETH, worth $85.36 million, and then transferred approximately 21,170 ETH to Tornado Cash.

Exploit on the BNB Chain#

The hacker stole approximately $100 million worth of cryptocurrency from BitMart's hot wallets on the BNB Smart Chain.

Step 1:

The exploiter took away a total of 20 different tokens, including BNB and several other BEP20 tokens, worth approximately $100 million.

Step 2:

On December 4, 2021, the exploiter transferred 213.57 BNB worth approximately $121,565 from Bitmart's hot wallet to this address of the exploiter.

Step 3:

The stolen BEP20 tokens were then swapped for 56,637.35 BNB through 1inch and PancakeSwap.

Step 4:

In total, this address of the exploiter later laundered approximately 56,523.78 BNB, which amounts to 99.79% of the stolen funds in the BNB chain, to Tornado Cash. 


The $200 million Bitmart hack was first revealed by Peckshield. Bitmart CEO Sheldon Xia later confirmed the hack over Twitter as a “large-scale security breach” on ETH and BSC hot wallets. After 72 hours of the hack, the exchange resumed withdrawals and deposits on the platform. Bitmart assured its customers that the majority of their funds were safe and that those who had lost assets would be reimbursed.

However, media reports as of January 2022 suggested that some customers were still waiting to be compensated for their losses. In response to the hack, Bitmart replaced its depositing wallets on multiple chains to improve security. This suggests that wallets on multiple chains may have been at risk of being hacked.


While no security protocol is entirely foolproof, the application of rigorous and consistent security standards can significantly mitigate the risks associated with attacks on cryptocurrency exchanges. Proactively identifying and addressing potential attack vectors before they are exploited by malicious actors is crucial. In light of incidents like the Bitmart hack, it becomes evident that a comprehensive approach to security measures is essential. Such an approach not only aims to prevent future attacks but also to minimize their impact.

One of the primary strategies in this regard is the use of cold wallets for storing the majority of funds. Unlike hot wallets, which are constantly online and connected to the internet, making them more susceptible to hacking, cold wallets remain offline. This disconnection from the internet inherently boosts their security, making them a preferred choice for safeguarding significant amounts of cryptocurrency.

Another pivotal strategy is the implementation of multi-factor authentication (MFA). By requiring users to enter a code from their phone in addition to their standard password, MFA introduces an extra layer of security. This added layer makes it considerably more challenging for hackers to gain unauthorized access to accounts.

Nonetheless, even with the most robust security measures in place, vulnerabilities may still be exploited. This is where we, at Neptune Mutual, play a pivotal role. Unfortunately, we were not available as a marketplace at the time of this incident. As a result, the affected parties likely had no avenue for recovering their funds. While we may not have been able to prevent this hack from occurring, we believe our presence could have significantly reduced or mitigated the aftermath of the attack. In the event of security incidents similar to the Bitmart hack, having a dedicated cover pool in our marketplace could have provided substantial relief to the victims. We extend coverage to users who experience losses due to smart contract vulnerabilities through our parametric policies.

With us, users are not burdened with the task of providing extensive evidence of their losses to claim payouts. Once an incident is confirmed and resolved through our incident resolution system, we ensure that payouts are expedited, offering immediate relief to those affected.

Moreover, we operate across various blockchain networks, including EthereumArbitrum, and the BNB chain. Our broad operational reach ensures that we can cater to a diverse array of DeFi users, providing them with protection against potential vulnerabilities. In these uncertain times, we stand as a beacon of assurance for DeFi participants, promising them that their investments are in safe hands.

Reference Source HackTrack