The U.S. Federal Trade Commission (FTC) opened an investigation on BitMart on August 11 over a hack from December 2021 after BitMart’s operators — Bachi.Tech and Spread Technologies LLC. — refused to disclose information the FTC requested.
Representatives of BitMart did not respond to requests for comment at the time of writing.
Background to the investigation
According to a Bloomberg News report, the FTC asked BitMart’s operators for information on how they approached users during the December 2021 attack. The FTC wanted to determine whether the companies responded to user complaints and what they said regarding the security of the users’ assets.
However, the operators rejected giving out information by saying that the requests were too broad and some of the data was stored overseas, resulting in the FTC investigation. The regulator also noted that the investigation would examine the BitMart operators’ compliance with other federal laws and seek information on the December 2021 hack.
The December 2021 hack
BitMart suffered from the hack on December 4, 2021, and lost somewhere between $150 million to $196 million. The exchange said it lost $150 million in funds when announcing the hack. However, a data analytics firm estimated the losses to be $196 million.
BitMart explained that the hackers stole the private keys to the exchange’s $ETH and $BSC hot wallets. According to the data analytics firm, $100 million was stolen from the $ETH wallet and another $96 million from the $BSC wallets. BitMart didn’t disclose the details on the exact amounts stolen from the wallets.
The attackers stole the total amount in the form of 20 different crypto assets, including Binance Coin, Safemoon, and Shiba Inu. Then, they sent the stolen coins to decentralized exchanges to convert to Ethereum. Finally, they laundered them through crypto mixer Tornado Cash.
The BitMart hack was the second largest security breach that happened in 2021.