AscendEX Hacked, $77.7M Lost From Hot Wallets
Cryptocurrency exchange AscendEX has disabled deposits and withdrawals after a security audit revealed that various tokens had been transferred out of its hot wallets. The hack took place at 10 pm UTC on Dec. 11, 2021. It resulted in the transfer of ERC-20, Binance Smart Chain, and Polygon tokens amounting to $77M out of hot wallets, according to blockchain security firm PeckShield Inc. AscendEX has assured users that it will replace all user funds that are lost and will gradually resume deposits and withdrawals. ERC-20 token transfers accounted for approximately $60M in losses, while $9.2M was lost on the Binance Smart Chain and $8.5M on Polygon. The largest token transfers from Ethereum were the lesser-known TARA token and USDT, with approximately $10.8M and $5.7M lost, respectively.
AscendEX hasn’t released official figures regarding the losses, but Etherscan does provide the raw data if one wishes to trace the transactions involved in the hack. It is unclear how the hack occurred, but what is clear is that cold wallets are not affected.
What Is a Hot Wallet?
A hot wallet is a digital entity designed to make changes to a decentralized public blockchain for the cryptocurrency being bought or sold. Hot wallets are more vulnerable to hacks since they are accessible on the internet. All wallets contain a set of private keys, without which access to one’s cryptocurrency is lost. A custodial hot wallet, like the ones involved in the AscendEX hack, is a type of hot wallet where a cryptocurrency exchange has access to the private keys.
Cold wallets are offline wallets that contain private keys and are connected to a user’s PC, with a companion software app that allows a user to view their crypto holdings without risking their private key.
Established and reliable exchanges generally store most user funds in cold wallets, then keep a certain amount available in custodial hot wallets for withdrawals. Hot wallets make it easier to make online purchases, as funds are readily available on the internet.
Hacks Show A Worrying Increase in Frequency
This is the second hack in the space of a week. The previous one was a hack of BitMart, where one BSC and one ETH hot wallet were hacked, resulting in losses of approximately $200M, according to PeckShield Inc. BitMart later admitted that the hack was due to stolen private keys, and committed to reimbursing affected users from its own pocket. Prior to that, on Dec. 2, BadgerDAO experienced an attack that saw it lose $120M.
Huobi Exchange has once again stepped in to blacklist addresses involved in the hack to ensure that no stolen funds pass through its exchange, much like it did for the BitMart hack.