Skip to content
Est. MMXXVIVol. VI · № 273RSS
Blockchain Breaches

An archive of cryptocurrency security incidents — hacks, exploits, bridge failures and rug pulls, documented with on-chain evidence.

Dossier № 067Private Key Compromise

AscendEX Hot Wallet Heist

Attacker drained $77.7M across 78 ERC-20 tokens from AscendEX hot wallets on Ethereum, BSC and Polygon, tied to a third-party hardware-level vulnerability.

Date
Victim
AscendEX
Chain(s)
EthereumBNB ChainPolygon
Status
Funds Stolen

On December 11, 2021, the Singapore-based exchange AscendEX (formerly BitMax) lost approximately $77.7 million when its hot wallets across three chains were drained in a single coordinated sweep. The breakdown: $60M on Ethereum, $9.2M on BNB Chain, $8.5M on Polygon, spread across 78 different ERC-20 tokens including TARA, USDT/USDC, BNB and MATIC.

What happened

AscendEX's post-incident audit concluded that the compromise was at the hardware level — specifically, a vulnerability in third-party infrastructure that AscendEX used to manage hot-wallet signing. The exchange did not publicly name the affected vendor or hardware platform.

The on-chain pattern was a coordinated multi-chain sweep, with simultaneous outflows from all three affected wallets within a tight time window. The breadth of token types and chains suggested the attacker held complete signing authority over the relevant hot-wallet infrastructure — consistent with a key-management-system compromise rather than per-chain credential theft.

Aftermath

  • AscendEX paused withdrawals and used corporate reserves to fully reimburse affected users.
  • The exchange deployed new hot wallet infrastructure with multi-signature controls, expanded 2FA gates on internal operations, and committed to keeping 90% of customer assets in cold storage.
  • The bulk of stolen funds was laundered through cross-chain bridges and mixers.

Why it matters

AscendEX is one of several 2021 exchange compromises that pointed at third-party signing-infrastructure risk as a recurring exposure point. The lesson — that operational custody is only as secure as the vendor and hardware stack supporting it — was reinforced repeatedly through the following years at Crypto.com, Liquid Global, Bitmart, BingX, Phemex and others. The defensive response — HSM-isolated per-service signing, withdrawal-velocity circuit breakers, anomaly detection on simultaneous multi-chain outflows — has slowly become baseline custody practice but was not universal at the time.

Sources & on-chain evidence

  1. [01]coindesk.comhttps://www.coindesk.com/business/2021/12/13/crypto-exchange-ascendex-hacked-losses-estimated-at-77m
  2. [02]beincrypto.comhttps://beincrypto.com/ascendex-hacked-77-7m-lost-from-hot-wallets/
  3. [03]merklescience.comhttps://www.merklescience.com/blog/hack-track-ascendex-attack-recent-fund-movement-analysis

Related filings