red 
Crypto exchange BitMart was hacked, leading to the loss of just over $225 million in cryptoassets – the fifth largest cryptocurrency theft of all time. This comes just days after the theft of $151 million from DeFi services BadgerDAO and MonoX Finance.
Elliptic’s analysis shows that on December 4, more than $225 million in cryptoassets was stolen from BitMart, a Cayman Islands exchange. This includes over $110 million in Ethereum-based assets and $115 million in assets on the Binance Smart Chain.
This is the largest theft suffered by a centralized exchange in 2021 and the fifth largest theft of a crypto-asset ever. Other notable losses include the theft of over $532 million from centralized exchange Coincheck in September 2018, and the theft of $611 million from DeFi service Poly Network (although those assets were later recovered by the thief).
.png?width=2160&name=USD%20values%20of%20stolen%20cryptoassets%20form%20the%20top%2010%20Exchange%20%26%20DeFi%20hacks%20(1).png)
How the hack unfolded
On Saturday, December 4, over the course of just over an hour, more than 100 different cryptoassets were leaked from wallets belonging to BitMart. This includes $32.6 million in Shiba Inu (SHIB) tokens and $50.6 million in Xenon Pay (X2P) tokens.
Two days later, BitMart’s CEO confirmed the theft, stating that private keys to the exchange’s hot wallets had been compromised.
Laundering stolen cryptocurrency
Stolen assets have already been laundered through decentralized finance (DeFi) services – an increasingly common tactic seen in hacks of this type. These techniques are described in more detail in our new report — DeFi: Risk, Regulation and the Rise of Decriminalization.
First, the stolen tokens were exchanged for ETH and BSC through decentralized exchanges (DEX), to prevent their confiscation. Tokens like stablecoins are controlled by their issuers, who in some cases can freeze tokens involved in illegal activities. By converting tokens on DEXs, the hacker avoided AML and KYC checks performed on centralized exchanges.
Second, ETH and BSC were sent via Tornado Cash, a decentralized mixer. This breaks the money trail, making it difficult to track stolen property further on the blockchain, frustrating law enforcement efforts.
Five days, $376 million lost
The BitMart theft is the third and largest crypto hack to occur in just three days. On November 30, $31 million was mined from DeFi service MonoX Finance. This was followed on December 1 by the theft of $120 million from Badger DAO, a decentralized asset management service.
This comes on top of another $1.5 billion already stolen from DeFi services over the past year, as detailed in our DeFi report.
Learn more about how Elliptic’s blockchain analytics solutions help crypto businesses and financial institutions manage their cryptoasset risk.
