'%3e%3cpath%20d='M12.4997%201.33325C10.39%201.33325%208.32772%201.95884%206.5736%203.13091C4.81947%204.30298%203.4523%205.96888%202.64496%207.91796C1.83763%209.86704%201.62639%2012.0118%202.03797%2014.0809C2.44955%2016.15%203.46545%2018.0506%204.95721%2019.5424C6.44897%2021.0342%208.34959%2022.0501%2010.4187%2022.4616C12.4878%2022.8732%2014.6326%2022.662%2016.5816%2021.8546C18.5307%2021.0473%2020.1966%2019.6801%2021.3687%2017.926C22.5408%2016.1719%2023.1663%2014.1096%2023.1663%2011.9999C23.1663%209.17094%2022.0425%206.45783%2020.0422%204.45745C18.0418%202.45706%2015.3287%201.33325%2012.4997%201.33325ZM12.4997%2021.3333C10.6537%2021.3333%208.84922%2020.7859%207.31436%2019.7603C5.7795%2018.7347%204.58322%2017.2771%203.8768%2015.5716C3.17039%2013.8662%202.98555%2011.9896%203.34568%2010.1791C3.70581%208.36859%204.59473%206.70554%205.90002%205.40025C7.20531%204.09496%208.86835%203.20605%2010.6788%202.84592C12.4893%202.48579%2014.3659%202.67063%2016.0714%203.37704C17.7768%204.08346%2019.2345%205.27974%2020.2601%206.8146C21.2856%208.34945%2021.833%2010.154%2021.833%2011.9999C21.833%2014.4753%2020.8497%2016.8492%2019.0993%2018.5996C17.349%2020.3499%2014.975%2021.3333%2012.4997%2021.3333Z'%20fill='white'/%3e%3cpath%20d='M19.167%208.06667C19.042%207.9425%2018.8731%207.8728%2018.697%207.8728C18.5208%207.8728%2018.3519%207.9425%2018.227%208.06667L10.8269%2015.4333L6.82695%2011.4333C6.70495%2011.3016%206.53562%2011.2237%206.35621%2011.2169C6.1768%2011.21%206.00201%2011.2747%205.87028%2011.3967C5.73856%2011.5187%205.66069%2011.688%205.65382%2011.8674C5.64694%2012.0468%205.71162%2012.2216%205.83362%2012.3533L10.8269%2017.3333L19.167%209.01333C19.2294%208.95136%2019.279%208.87762%2019.3129%208.79638C19.3467%208.71514%2019.3642%208.62801%2019.3642%208.54C19.3642%208.45199%2019.3467%208.36485%2019.3129%208.28361C19.279%208.20237%2019.2294%208.12864%2019.167%208.06667Z'%20fill='white'/%3e%3c/g%3e%3cdefs%3e%3cclipPath%20id='clip0_2790_31187'%3e%3crect%20width='24'%20height='24'%20fill='white'%20transform='translate(0.5)'/%3e%3c/clipPath%3e%3c/defs%3e%3c/svg%3e)
Bug bounty 
Triaged by HackenproofBitmart Post-Incident Forensics Bounty Hunt: Program info
Bitmart Post-Incident Forensics Bounty Hunt
Company: BitMart ExchangeIn December 2021, BitMart Exchange experienced a significant security incident where hackers used stolen private keys to steal approximately $196 million worth of crypto assets from hot wallets.Affected assets included BTC, Ethereum, Binance Smart Chain tokens, and others.
This program seeks to identify those responsible for the BitMart breach, trace stolen assets, and facilitate fund recovery. Verified contributions will be rewarded, with additional bounties for successful recoveries. White-hat participants who provide verified key information will be eligible for rewards. A percentage of the recovered amount will be distributed as a bounty to those who made significant contributions.
Guidance for white hat detectives
BitMart Hack Bounty Program
Introduction
In December 2021, BitMart Exchange experienced a significant security incident where hackers used stolen private keys to steal approximately $196 million worth of crypto assets from hot wallets.Affected assets included BTC, Ethereum, Binance Smart Chain tokens, and others.
Key Fund Movements
- December 2021: Attackers converted most stolen assets into ETH & BNB and mixed them using Tornado Cash.
- December 2021: Stolen TRON funds were mixed via ChangeNOW and nrb.io.
- December 2021: Stolen VeChain funds were mixed via SimpleSwap.
- March 2024: Stolen BTC was mixed using Wasabi CoinJoin.
This program seeks to identify those responsible for the BitMart breach, trace stolen assets, and facilitate fund recovery. Verified contributions will be rewarded, with additional bounties for successful recoveries. White-hat participants who provide verified key information will be eligible for rewards. Additionally, if the stolen assets are successfully recovered, a percentage of the recovered amount will be distributed as a bounty to those who made significant contributions.
Scope
We seek verified intelligence related to the BitMart hot wallet theft on December 4, 2021 (UTC). This includes but is not limited to:
- Attacker identification (on-chain & off-chain ties, social links, CEX account traces).
- Transaction & fund flow analysis (on-chain tracing, mixing activity, laundering methods).
- Infrastructure details (IP addresses, domains, hosting services used).
- Other forensic evidence that contributes meaningfully to identifying the hacker(s).
Submissions lacking forensic value, repeating known data without new context, or providing unverifiable claims will not be eligible for rewards.
Known Information
Hacker Addresses
| Hacker Address | Type of Asset |
|---|---|
0x39fb0dcd13945b835d47410ae0de7181d3edf270 |
ETH |
0x4bb7d80282f5e0616705d7f832acfc59f89f7091 |
ETH |
0x8eafee3d0df538a1e04487a43239c1c73b50032d |
ETH |
0xAf631C6EebFC5Ff3a267788bafa52A18670D577c |
ETH |
0x132f8cEEfE9ea00e1DbC06b32f625864BA21d66c |
ETH |
0xC47A987521e2E646423ac92b1Eb0b3cB2193625D |
ETH |
0xa9e4332448318da58cdd398286c0809684ed9bd4 |
ETH |
0x402be63f5d8189f8027d429b8588df4f0aec9f53 |
ETH |
0xe68a520f67c0225b7856bb9496dfc6b476217256 |
ETH |
0xb4f8abad5d64f7132c74013569d55a6ac9bbaa1d |
ETH |
0xf082af2426ee0d626c75597649f8f8fe0b5fbeee |
ETH |
0x6723736dd131c0baed60d712d8e569fe6e9509b0 |
ETH |
0x041afe8c155997de612d69f3ff0287ae58504246 |
ETH |
0x25fb126b6c6b5c8ef732b86822fa0f0024e16c61 |
BSC |
3Nsop3FW7jjjTKd6MkLc6qjyWuAm9XLU81 |
BTC |
0x59E55AC0cb34358B9511bbB3f3C1327BD40523E5 |
AVAX |
bnb15r4fzmhjv54ncf4f0cvmjvadjgwffd93gf56qv |
Binance Chain |
TL1NRNDe3babg3zZywe8PC1tTMta1mqkTX |
TRON |
TBTPmRe7Lpjka6Koxr2v7CrAocCNGZKsW5 |
TRON |
TGScTPMkm3MDF8T3xpUzb7u3jXUV4qcBYm |
TRON |
0x673B380f1667b2f9A216Fd1eBB6225Ee75cC7d55 |
VeChain |
0xbb3fd383d1c5540e52ef0a7bcb9433375793aeaf |
VeChain |
0x6f39fa0096b075becdb2c46c62976e92f03ca104 |
VeChain |
0x8cbcc75678cd88e3d450941dcd3d27b560a6ecba |
THETA |
Attackers' IoC Information
- IP Addresses:
119.91.93.28(Discovered in Dec 2021)38.102.175.100(Discovered in Dec 2021)
- Mixing Services Used: Tornado Cash, ChangeNOW, SimpleSwap, Wasabi CoinJoin.
Rules and Guidelines
Accuracy
- Submissions must be verifiable, objective, and directly contribute to identifying the attacker or tracking stolen funds.
Details
Submissions should include:
- Blockchain transaction proofs (tx hashes, addresses, patterns).
- Cross-referenced intelligence (CEX account links, emails, IPs, domain history).
- Technical analysis (heuristics, mixing methods, transaction clustering).
- Chain of custody to ensure data integrity.
- A complete forensic intelligence clue chain.
- Supporting data that proves the intelligence's value.
- Specific methods, tools, or techniques used.
Originality
- Information must be original and not previously disclosed or made public.
Impact
- Intelligence must provide actionable insights or lead to significant progress in the investigation.
Feedback
- Due to the complexity of verification, responses may take longer than standard vulnerability reports.
Bounty Details
High-Impact Intelligence ($1,000 - $5,000)
- Personal ID evidence (email, phone, gov ID, home address).
- On-chain & off-chain intelligence tying the hacker to real-world entities.
- CEX account evidence linked to stolen funds.
Important data that directly identifies the attacker or connects them to individuals, groups, or APT organizations, or significantly increases the likelihood of recovering funds. This includes sensitive personal identification information (e.g., personal email, phone number, ID number, home address, social relationships) or CEX account information directly tied to the stolen assets.
Medium-Impact Intelligence ($500 - $2,000)
- IP addresses, domain names, devices, or indirect attacker links.
- Tracing reports connecting different laundering patterns.
Indirect intelligence that helps identify the attacker, such as IP addresses, domain names, or evidence that indirectly links the attacker to individuals, groups, or APT organizations.
Low-Impact Intelligence ($50 - $500)
- Supplementary insights into attack techniques or blockchain movement analysis.
Additional Reward:
- If stolen funds are recovered, contributors will receive a 10%-30% bounty of the value based on the significance of their contribution (at the discretion of forensic analysts).
- All amounts shown per market price on [DATE] for relevance to the security incident in 2021
Legal & Ethical Considerations
- All submitted intelligence must comply with applicable laws and ethical standards.
- Do not engage in unauthorized access, exploitation of systems without consent, or any activity that violates the law.
- Reports must not include personally identifiable information (PII) obtained through unlawful or unethical methods.
- Rewards are subject to internal verification and compliance review.
- High-value rewards may require Anti-Money Laundering (AML) and Know Your Customer (KYC) verification.
Rewards '%3e%3cpath%20d='M3%2021H24V24H0V0H3V21ZM6.75%2019.5C6.44587%2019.5006%206.14477%2019.4396%205.8649%2019.3205C5.58502%2019.2015%205.33219%2019.027%205.12167%2018.8075C4.91115%2018.588%204.74731%2018.3281%204.64006%2018.0435C4.5328%2017.7589%204.48436%2017.4555%204.49766%2017.1517C4.51095%2016.8478%204.58571%2016.5498%204.71741%2016.2757C4.84911%2016.0015%205.03502%2015.7569%205.2639%2015.5567C5.49279%2015.3564%205.7599%2015.2046%206.0491%2015.1105C6.3383%2015.0164%206.64358%2014.9818%206.9465%2015.009L9.3645%2010.9785C9.1434%2010.639%209.0181%2010.246%209.00182%209.84115C8.98554%209.43629%209.07888%209.03455%209.272%208.67835C9.46512%208.32215%209.75084%208.02471%2010.099%207.81743C10.4472%207.61016%2010.8448%207.50074%2011.25%207.50074C11.6552%207.50074%2012.0528%207.61016%2012.401%207.81743C12.7492%208.02471%2013.0349%208.32215%2013.228%208.67835C13.4211%209.03455%2013.5145%209.43629%2013.4982%209.84115C13.4819%2010.246%2013.3566%2010.639%2013.1355%2010.9785L15.5535%2015.009C15.6682%2014.9987%2015.7836%2014.9977%2015.8985%2015.006L19.8915%208.019C19.6046%207.59868%2019.4686%207.0935%2019.5058%206.58594C19.543%206.07837%2019.7511%205.59841%2020.0963%205.22442C20.4415%204.85043%2020.9032%204.60449%2021.4062%204.52678C21.9091%204.44906%2022.4236%204.54415%2022.8655%204.79653C23.3075%205.0489%2023.6508%205.44364%2023.8395%205.91631C24.0281%206.38897%2024.051%206.91163%2023.9043%207.39896C23.7576%207.88628%2023.45%208.30948%2023.0317%208.59945C22.6135%208.88942%2022.1093%209.02903%2021.6015%208.9955L17.6085%2015.9825C17.8379%2016.319%2017.9717%2016.7114%2017.9956%2017.118C18.0195%2017.5245%2017.9326%2017.9299%2017.7442%2018.291C17.5558%2018.652%2017.2729%2018.9552%2016.9258%2019.1681C16.5786%2019.381%2016.1802%2019.4957%2015.7729%2019.4999C15.3657%2019.5041%2014.965%2019.3978%2014.6134%2019.1922C14.2619%2018.9865%2013.9728%2018.6893%2013.7769%2018.3323C13.581%2017.9753%2013.4857%2017.5717%2013.5011%2017.1648C13.5165%2016.7578%2013.6421%2016.3627%2013.8645%2016.0215L11.4465%2011.991C11.3158%2012.0031%2011.1842%2012.0031%2011.0535%2011.991L8.6355%2016.0215C8.85679%2016.3611%208.98226%2016.7541%208.99864%2017.159C9.01503%2017.564%208.92172%2017.9659%208.72858%2018.3222C8.53544%2018.6785%208.24963%2018.9761%207.90137%2019.1834C7.5531%2019.3907%207.1553%2019.5001%206.75%2019.5Z'%20fill='%23050505'/%3e%3c/g%3e%3cdefs%3e%3cclipPath%20id='clip0_2777_6507'%3e%3crect%20width='24'%20height='24'%20fill='white'/%3e%3c/clipPath%3e%3c/defs%3e%3c/svg%3e)
Stats 
Hackers (2) View all
