AscendEx exchange loses $77M in hack, promises full compensation

Getting your Trinity Audio player ready...

A Singaporean digital currency exchange is the latest victim to a security breach, losing over $77 million in a hack. The criminals accessed the exchange’s hot wallets and drained them of Ethereum, Polygon, BCH, and several other smaller ERC-20 tokens. AscendEx traced most of the stolen funds to have landed on Bitfinex and Binance while pledging to compensate all the victims fully.

The exchange, known as BitMax until March 2021, announced the hack on Twitter. It revealed that the hackers targeted three networks—Binance Smart Chain, Ethereum, and Polygon—where after accessing the hot wallets, they drained them.

22:00 UTC 12/11, We have detected a number of ERC-20, BSC, and Polygon tokens transferred from our hot wallet. Cold Wallet is NOT affected. Investigation underway. If any user’s funds are affected by the incident, they will be covered completely by AscendEX.

— AscendEX (@AscendEX_) December 12, 2021

The exchange identified the breach after noticing several unauthorized transfers from one of its hot wallets. Its cold wallets were unaffected, with the funds in the untouched hot wallets being immediately locked in cold storage.

AscendEx issued a number of ERC-20, BCH, Litecoin, and BSC addresses that propagated the attack, with many still holding millions of dollars at press time.

PeckShield Inc., a blockchain security and data analytics company, revealed that the estimated losses stood at over $77 million. Tokens on Ethereum accounted for the lion’s share at over $60 million, with BSC and Polygon accounting for just under $10 million.

Estimated loss @AscendEX_Global: $77.7M in total ($60M on @ethereum $9.2M @BinanceChain $8.5M @0xPolygon). Here is the list of the transferred-out assets and their amounts on @ethereum pic.twitter.com/VC4DKOwu4f

— PeckShield Inc. (@peckshield) December 12, 2021

Of the stolen tokens, the relatively unknown Taraxa (TARA) accounted for the highest figure at $10.8 million. TARA is the native token of the Taraxa network, which claims to be purpose-built for audit logging of informal transactions. Tether and USD Coin each accounted for $5 million.

Following the hack, the exchange immediately suspended deposits and withdrawals on the platform. Trading, staking, and yield farming were also halted immediately. AscendEx, which claims to have over a million users, pledged to compensate all the victims fully. It also said to be working with law enforcement and blockchain analytics firms, including Chainalysis and hardware wallet Ledger, to go after the criminals.

In its post-mortem, the Singaporean exchange claimed to have identified the perpetrators’ wallets to be with Binance, Bitfinex, and OKEx. 

Binance is no stranger to links with crimes in the space. It has been identified as one of the biggest destinations for digital currencies that have either been stolen or are proceeds of ransom and other crimes. A year ago, a Japanese exchange sued Binance for ‘helping’ criminals launder 1,451 BTC, which they stole from the exchange. Fisco exchange claimed the criminals took advantage of the lax registration requirements at Binance to cash out.

Follow CoinGeek’s Crypto Crime Cartel series, which delves into the stream of groups—a from BitMEX to Binance, Bitcoin.com, Blockstream, ShapeShift, Coinbase, Ripple, 
Ethereum, FTX and Tether—who have co-opted the digital asset revolution and turned the industry into a minefield for naïve (and even experienced) players in the market.