BitMart Bolster Security and Restore Promptly After the Challenge

BitMart Exchange
5 min readDec 31, 2021

Security has always been our top priority since BitMart was founded in 2017. However, the December 4 security breach further reinforced that vigilance towards potential threats. Constantly enhancing security must be a core tenet throughout our journey.

The Breach

On Saturday, December 4 at approximately 6:30 PM EST, BitMart’s Risk Control Team identified several abnormal transactions. Shortly afterward, our Security Team confirmed we had been subject to a large-scale attack and immediately began rolling out a security response to ensure the security of our users and their assets.

Expeditious Actions

Immediate Steps

As soon as the attack was confirmed, we temporarily halted all deposits and withdrawals to prevent any further damages and shut off access to any potential system vulnerabilities. In partnership with security experts and other industrial leaders in digital asset security and investigations, we initiated an in-depth investigation both internally and externally. Internal investigations aimed to identify sources of vulnerabilities and fix them as soon as possible.

Initial Fact-Finding and Investigation

Initial findings from the investigation found that the attacker successfully gained access to two “hot wallets” — cryptocurrency wallets that can be accessed via the internet — through theft of critical private keys. The investigation remains ongoing as BitMart’s security teams, partners, and law enforcement agencies continue their efforts to track those responsible for the attack and to bring them to justice.

Security Enhancements and Additional Protections

We began reviewing and upgrading our security and risk control systems immediately following the breach. In the days and weeks since the initial attack, BitMart has been working tirelessly to enhance safety for our users and to further secure their assets. Those measures include but are not limited to the security enhancements that follow:

Assigned New Deposit Addresses

To shut off any potential remaining vulnerabilities related to hot wallets, BitMart replaced all token deposit addresses including BTC, ETH, and SOL. Users were encouraged to log in to their accounts and verify their new deposit addresses before initiating any new deposits to BitMart.

Fully Isolated DevOps Environment

This measure will ensure that all workflows have fine-grained scope of control. BitMart also shut off all unnecessary public endpoints. Further, we enacted new policy control runs in a trusted environment with parameter integrity checks.

Deeply Integrated Identity Authentication

BitMart brought deep integrations with the Google Identity system online for full-scale Single-Sign-On (SSO) authentication.

Upgraded Security and Risk Control System

BitMart introduced an enhanced security and risk control system. Using big data and machine-learning to detect any abnormal behaviors in real-time to ensure the security of users’ accounts and assets completely.

Improved Security of Network Architecture

BitMart deployed banking/financial-grade network security facilities. As for blockchain security, BitMart upgraded the key management methodology and ran transaction-related code in a trusted environment. We also strengthened blockchain security from multiple perspectives. Concurrently, we also cooperated with three leading cybersecurity companies for planning and implementing even more strict cyber security policies.

Restructuring Security Teams to Maximize Reach

The BitMart Security Team was reorganized to work more closely with external cybersecurity companies like Peckshield and SlowMist for security intelligence exchange and professional guidance on our new security infrastructure and communications. We are also establishing an entirely new BitMart Security Response Center, which will be responsible for detecting any abnormal behaviors and ensuring an effective and rapid response to all future threats as early as possible.

More Secure Data Transmission

BitMart enabled strict packet filtering down to the Micro-service level and mandatory requirements of Mutual TLS between every route of API connections.

Restoring Access and Services as Promptly as Security Allows

Safely Reinstating Access and Services

BitMart’s primary goal constantly lies in ensuring the safety and security of its customers and their assets.

Having deemed it safe to do so, on Tuesday, December 7, BitMart began resuming deposit and withdrawal functions for ETH. Some ERC-20 tokens were also restored on this date. This process is still ongoing as the security of each function is fully tested and verified. Subsequently, BitMart restored deposit and withdrawal functionalities for multiple mainnet tokens including Avalanche, Binance Chain, Bitcoin, Casper Network, Chia, Ethereum, Harmony, HecoFi, IoTeX, Internet Computer, Kusama, NEAR Protocol, PlatOn Network, Polkadot, Polygon, Solana, Stellar, Tether, Tron, VeChain, Filecoin, Litecoin, Apollo, and Dash. Functionalities for any additional tokens are gradually being restored and announced after each passes a thorough high-level security review.

The swift actions of BitMart Security Team, prompt communications with its community, and its focus on a smooth transition to recovery promptly facilitated the resumption of functionalities.

Communicating with the BitMart Community

Connecting with BitMart Users

BitMart’s community and partners are essential to BitMart’s success. BitMart deemed it crucial that the team understands any concerns, and prioritizes the safety of its users and their holdings above all else. From the onset of this attack, BitMart sought to communicate as transparently as possible while not jeopardizing security by sharing too much.

Following the attack, BitMart committed to cover all asset losses incurred from the security breach. We continue to strive to restore all services and allow it to safely fulfill all users’ withdrawal requests. The entire BitMart team continues to work around the clock to provide dedicated customer support as we continue to restore services and upgrade our security systems.

In appreciation of the extensive support and patience demonstrated by the community, on December 8 we announced a rewards giveaway program equaling 1M BMX tokens for users that meet specified criteria.

Collaboration with Ecosystem Partners

Regrettably, BitMart was not alone in being attacked by malicious actors targeting the cryptocurrency community in the past few weeks. Several exchanges and services have also fallen victim to security breaches and attacks recently. As the industry grows, BitMart will continue to work with the wider industry to secure the future of digital assets and to create the strongest barriers possible against unlawful actors. We are wholly grateful to all partners who lent their time, energy, and expertise during this period.

Looking Ahead

Looking ahead, security remains paramount for BitMart. The team will continue to work alongside cybersecurity experts, ecosystem partners, and regulators to further strengthen BitMart defenses against attacks and security breaches. We will provide our users a trading experience that is safer, and more secure.

--

--