Bitmart added in a statement that all withdrawals had been temporarily suspended until further notice and said a thorough security review was underway. The hackers made off with a mix of more than 20 tokens, including binance coin, safe moon bitmart, and shiba inu.
A hot wallet is connected to the internet and allows owners relatively easy access to their coins so that they can access and spend their crypto.
The trade-off for convenience is potential exposure to bad actors. CNBC reached out to multiple Bitmart employees to ask for more clarity on the hack, including whether customer funds had specifically been targeted in the breach, and if so, whether users would be reimbursed. Bitmart says it is still unclear what possible methods the hackers used, but what happened after the breach was pretty straightforward, according to Peckshield.
From there, the ether coins were deposited into a privacy mixer known as Tornado Cash, which makes the money harder to trace. Cybercriminals often look to a mixing or tumbling service, according to Rick Holland, chief information security officer at Digital Shadows, a cyberthreat intelligence company.
Holland told CNBC these services allow users to combine illicit funds with clean crypto to essentially make a new type of cryptocurrency, at which point they turn to currency swaps.
So even though the blockchain is public, there are still ways to make it difficult for investigators to trace transactions to their ultimate destination.
This latest breach comes amid a wave of recent hacks. In a strange twist, the attacker subsequently returned nearly all of the money.