AscendEX Security Breach - December 12, 2021
Overview
AscendEX, a centralized exchange operated by former Wall Street quantitative traders, suffered a significant security incident resulting in the theft of approximately $77.7 million from their hot wallet.
What Happened
Funds were drained from AscendEX's hot wallet across three blockchain networks beginning at approximately 8 PM UTC on December 11, 2021. The exchange subsequently suspended withdrawals while promising full reimbursement to affected users.
Technical Root Cause
AscendEX attributed the incident to "compromised" private keys but provided no detailed explanation of how the compromise occurred.
Attack Vector
The attacker gained unauthorized access to the exchange's hot wallet infrastructure, enabling fund transfers across multiple chains simultaneously.
Financial Impact
Ethereum: $60 million stolen
BSC: $9.2 million stolen
Polygon: $8.5 million stolen
Total: $77.7 million
One stolen asset (Bemil Coin) experienced a 98% price decline, reducing the attacker's BSC holdings by approximately $6.5 million in value.
Stolen Asset Addresses
Ethereum: 0x2c6900b24221de2b4a45c8c89482fff96ffb7e55
BSC: 0x2C6900b24221dE2B4A45c8c89482fFF96FFB7E55
Polygon: 0x2C6900b24221dE2B4A45c8c89482fFF96FFB7E55
Remediation
AscendEX committed to reimbursing all affected users.