BitMart Exchange Hacked for $196 Million, Customers Unable to Access Funds
Incident Details
Summary
On December 4, 2021, hackers breached cryptocurrency exchange BitMart and drained approximately $196 million in tokens from two hot wallets (Ethereum and Binance Smart Chain). Security firm PeckShield identified the exploit, which involved a stolen private key. BitMart CEO Sheldon Xia initially called it a 'small-scale security breach' before acknowledging the full $196M scope. The exchange suspended all withdrawals, leaving users unable to access their funds for weeks. BitMart promised to compensate affected users from company capital, but the timeline and completeness of repayment remained disputed. The hack highlighted ongoing hot wallet security failures among centralized exchanges.
Related Incidents
News Explorer — Ethereum User Loses $600K in Address Poisoning Scam - Decrypt
An Ethereum user lost $600,000 on February 17, 2024, after falling victim to an address poisoning scam. This crypto scam involved fraudsters sending spam transactions from similar-looking addresses to confuse the user during cryptocurrency transfers. The incident highlights a common method used by scammers to cause significant financial losses for users.
Weekly Blockchain Blog - February 2026 #3 | BakerHostetler - JDSupra
Daren Li, a dual national, was sentenced in absentia to 20 years in prison for laundering more than $73 million obtained through an international cryptocurrency investment scheme. The scam operated from centers in Cambodia. Li had previously pleaded guilty in November 2024 but fled supervision in December 2025. The U.S. Department of Justice announced his sentencing.
WazirX Exchange Hacked for $230 Million by North Korea's Lazarus Group; Indian Customers' Funds Frozen
On July 18, 2024, hackers drained approximately $230 million — nearly half of WazirX's total assets — from the Indian crypto exchange's multi-signature wallet. Blockchain analysts including Elliptic attributed the attack to North Korea's Lazarus Group. WazirX suspended all withdrawals following the hack, freezing funds for millions of Indian users. The exchange filed for restructuring in Singapore and faced lawsuits in India. The hack illustrated the continued vulnerability of centralized exchanges to state-sponsored cryptocurrency theft, and the devastating impact on retail users who keep assets on exchanges.