Bug bounty
Triaged by Hackenproof

Bitmart Post-Incident Forensics Bounty Hunt: Program info

Bitmart Post-Incident Forensics Bounty Hunt

Company: BitMart Exchange
This program is active now
Program infoHackers (2)Reports

In December 2021, BitMart Exchange experienced a significant security incident where hackers used stolen private keys to steal approximately $196 million worth of crypto assets from hot wallets.Affected assets included BTC, Ethereum, Binance Smart Chain tokens, and others.

This program seeks to identify those responsible for the BitMart breach, trace stolen assets, and facilitate fund recovery. Verified contributions will be rewarded, with additional bounties for successful recoveries. White-hat participants who provide verified key information will be eligible for rewards. A percentage of the recovered amount will be distributed as a bounty to those who made significant contributions.

Guidance for white hat detectives

BitMart Hack Bounty Program

Introduction

In December 2021, BitMart Exchange experienced a significant security incident where hackers used stolen private keys to steal approximately $196 million worth of crypto assets from hot wallets.Affected assets included BTC, Ethereum, Binance Smart Chain tokens, and others.

Key Fund Movements

  • December 2021: Attackers converted most stolen assets into ETH & BNB and mixed them using Tornado Cash.
  • December 2021: Stolen TRON funds were mixed via ChangeNOW and nrb.io.
  • December 2021: Stolen VeChain funds were mixed via SimpleSwap.
  • March 2024: Stolen BTC was mixed using Wasabi CoinJoin.

This program seeks to identify those responsible for the BitMart breach, trace stolen assets, and facilitate fund recovery. Verified contributions will be rewarded, with additional bounties for successful recoveries. White-hat participants who provide verified key information will be eligible for rewards. Additionally, if the stolen assets are successfully recovered, a percentage of the recovered amount will be distributed as a bounty to those who made significant contributions.


Scope

We seek verified intelligence related to the BitMart hot wallet theft on December 4, 2021 (UTC). This includes but is not limited to:

  • Attacker identification (on-chain & off-chain ties, social links, CEX account traces).
  • Transaction & fund flow analysis (on-chain tracing, mixing activity, laundering methods).
  • Infrastructure details (IP addresses, domains, hosting services used).
  • Other forensic evidence that contributes meaningfully to identifying the hacker(s).

Submissions lacking forensic value, repeating known data without new context, or providing unverifiable claims will not be eligible for rewards.


Known Information

Hacker Addresses

Hacker Address Type of Asset
0x39fb0dcd13945b835d47410ae0de7181d3edf270 ETH
0x4bb7d80282f5e0616705d7f832acfc59f89f7091 ETH
0x8eafee3d0df538a1e04487a43239c1c73b50032d ETH
0xAf631C6EebFC5Ff3a267788bafa52A18670D577c ETH
0x132f8cEEfE9ea00e1DbC06b32f625864BA21d66c ETH
0xC47A987521e2E646423ac92b1Eb0b3cB2193625D ETH
0xa9e4332448318da58cdd398286c0809684ed9bd4 ETH
0x402be63f5d8189f8027d429b8588df4f0aec9f53 ETH
0xe68a520f67c0225b7856bb9496dfc6b476217256 ETH
0xb4f8abad5d64f7132c74013569d55a6ac9bbaa1d ETH
0xf082af2426ee0d626c75597649f8f8fe0b5fbeee ETH
0x6723736dd131c0baed60d712d8e569fe6e9509b0 ETH
0x041afe8c155997de612d69f3ff0287ae58504246 ETH
0x25fb126b6c6b5c8ef732b86822fa0f0024e16c61 BSC
3Nsop3FW7jjjTKd6MkLc6qjyWuAm9XLU81 BTC
0x59E55AC0cb34358B9511bbB3f3C1327BD40523E5 AVAX
bnb15r4fzmhjv54ncf4f0cvmjvadjgwffd93gf56qv Binance Chain
TL1NRNDe3babg3zZywe8PC1tTMta1mqkTX TRON
TBTPmRe7Lpjka6Koxr2v7CrAocCNGZKsW5 TRON
TGScTPMkm3MDF8T3xpUzb7u3jXUV4qcBYm TRON
0x673B380f1667b2f9A216Fd1eBB6225Ee75cC7d55 VeChain
0xbb3fd383d1c5540e52ef0a7bcb9433375793aeaf VeChain
0x6f39fa0096b075becdb2c46c62976e92f03ca104 VeChain
0x8cbcc75678cd88e3d450941dcd3d27b560a6ecba THETA

Attackers' IoC Information

  • IP Addresses:
    • 119.91.93.28 (Discovered in Dec 2021)
    • 38.102.175.100 (Discovered in Dec 2021)
  • Mixing Services Used: Tornado Cash, ChangeNOW, SimpleSwap, Wasabi CoinJoin.

Rules and Guidelines

Accuracy

  • Submissions must be verifiable, objective, and directly contribute to identifying the attacker or tracking stolen funds.

Details

Submissions should include:

  • Blockchain transaction proofs (tx hashes, addresses, patterns).
  • Cross-referenced intelligence (CEX account links, emails, IPs, domain history).
  • Technical analysis (heuristics, mixing methods, transaction clustering).
  • Chain of custody to ensure data integrity.
  • A complete forensic intelligence clue chain.
  • Supporting data that proves the intelligence's value.
  • Specific methods, tools, or techniques used.

Originality

  • Information must be original and not previously disclosed or made public.

Impact

  • Intelligence must provide actionable insights or lead to significant progress in the investigation.

Feedback

  • Due to the complexity of verification, responses may take longer than standard vulnerability reports.

Bounty Details

High-Impact Intelligence ($1,000 - $5,000)

  • Personal ID evidence (email, phone, gov ID, home address).
  • On-chain & off-chain intelligence tying the hacker to real-world entities.
  • CEX account evidence linked to stolen funds.

Important data that directly identifies the attacker or connects them to individuals, groups, or APT organizations, or significantly increases the likelihood of recovering funds. This includes sensitive personal identification information (e.g., personal email, phone number, ID number, home address, social relationships) or CEX account information directly tied to the stolen assets.

Medium-Impact Intelligence ($500 - $2,000)

  • IP addresses, domain names, devices, or indirect attacker links.
  • Tracing reports connecting different laundering patterns.

Indirect intelligence that helps identify the attacker, such as IP addresses, domain names, or evidence that indirectly links the attacker to individuals, groups, or APT organizations.

Low-Impact Intelligence ($50 - $500)

  • Supplementary insights into attack techniques or blockchain movement analysis.

Additional Reward:

  • If stolen funds are recovered, contributors will receive a 10%-30% bounty of the value based on the significance of their contribution (at the discretion of forensic analysts).
  • All amounts shown per market price on [DATE] for relevance to the security incident in 2021

Legal & Ethical Considerations

  • All submitted intelligence must comply with applicable laws and ethical standards.
  • Do not engage in unauthorized access, exploitation of systems without consent, or any activity that violates the law.
  • Reports must not include personally identifiable information (PII) obtained through unlawful or unethical methods.
  • Rewards are subject to internal verification and compliance review.
  • High-value rewards may require Anti-Money Laundering (AML) and Know Your Customer (KYC) verification.

Rewards
Range of bounty$50 - $58,000,000
Severity
Critical
$0
High
$1,000 - $5,000
Medium
$500 - $2,000
Low
$50 - $500
Stats
Scope Review488
Submissions2
Total rewards$0
Hackers (2) View all
mahmadisha shaikh
1
Zakaria eddafry
2
SLA (Service Level Agreement)
Time within which the program's triage team must respond
Response TypeBusiness days
First Response0d
Triage Time0d
Reward Time0d
Resolution Time0d