A "stolen private key" meant up to $196 million was taken from BitMart, while BadgerDAO is trying to reason with an attacker who swiped thousands of Bitcoin from the popular DeFi protocol.
While a bloodbath was happening in the crypto markets, it seems that hackers were out in force.
An Ether hot wallet and a Binance Coin hot wallet were targeted in the attack, and withdrawals have been suspended until further notice.
"Begging" for understanding and patience, the trading platform added in a statement:
"The affected ETH hot wallet and BSC hot wallet carry a small percentage of assets on BitMart and all of our other wallets are secure and unharmed. We are now conducting a thorough security review and we will post updates as we progress."
To confuse matters further, PeckShield shared screenshots from a Telegram group that suggest BitMart initially denied any hack had taken place.
As users asked for answers about what had happened, admins deleted messages because they were "creating unnecessary attention" — and dismissed talk of a hack as "fake news."
Such hacks have the potential to greatly diminish confidence in the crypto sector — and lead to criticism of the use of hot wallets, a term used to describe storage that's connected to the internet.
In the early hours of Monday morning, BitMart's founder and CEO Sheldon Xia revealed that the hack had been caused by a "stolen private key," adding:
"BitMart will use our own funding to cover the incident and compensate affected users."
Deposits and withdrawals are expected to recommence "gradually" from tomorrow.
BadgerDAO in the Limelight
Badger says a "24/7" investigation is taking place to get to the bottom of what happened — with deposits and withdrawals suspended. Work is currently underway to ensure that the protocol's smart contracts "can be safely reactivated without further risk to funds."
The protocol appears to be hopeful that a white hat hacker will have been behind the theft — someone who exposes vulnerabilities but has no interest in holding on to the funds. In an on-chain message to the person responsible, Badger wrote:
"You have taken funds that do not belong to you but we are willing to work with you and compensate you for identifying this vulnerability in the systems. We are providing you with a direct line of communication to discuss a peaceful resolution without involving any outside parties. Contact us to discuss further and do the right thing on behalf of the community."
Badger has enlisted the blockchain analytics firm Chainalysis to perform a forensic investigation — and has also gotten in touch with law enforcement agencies in the U.S. and Canada.
One of those caught up in the hack is the crypto lender Celsius Network — but the platform's CEO, Alex Mashinsky, has stressed that none of its members have lost funds as a result.