FTC Investigating 2021 Bitmart Hack

Reading Time: 2 minutes
  • The Federal Trade Commission is leading the investigation of the December 2021 Bitmart hack
  • Users lost $150-$200 million after an attack on the BSV blockchain led to a massive double spend
  • The FTC is responsible for looking out for consumers and has never handled a crypto case before

The Federal Trade Commission (FTC) is leading the investigation of a December 2021 hack on the Cayman Islands-registered Bitmart exchange, marking a first for the agency. According to Bloomberg, the FTC is investigating the breach, which saw between $150 million and $200 million of user funds, and sent civil subpoenas to the Bitmart operators three months ago, seeking details on what Bitmart told consumers about the security of their crypto assets and how the exchange has handled customer complaints.

FTC Takes First Steps Into the Crypto Swamp

The role of the FTC is to protect consumers and competition by “preventing anticompetitive, deceptive, and unfair business practices through law enforcement, advocacy, and education”.

Until the Bitmart case the agency had yet to get involved the crypto markets, but this has now changed thanks to a filing yesterday in which it was revealed that the FTC had denied a bid by BitMart operators Bachi.Tech Corporation and Spread Technologies LLC to block its efforts to compel them to turn over information.

The case itself relates to a 51% attack on the BSV blockchain in July 2021 which saw 91,000 BSV tokens created and sent to Bitmart, where 92 accounts were set up to receive the coins and sell them on the market before the attack could be halted. Bachi.Tech and Spread Technologies had argued that the FTC’s document request was overly broad and that some of the information was located overseas, but the FTC denied this and demanded that the companies hand over the documents.

New York Residents Affected

The reason why the FTC is involved in this particular case is because New York residents are known to be among the victims of the BSV double-spend attack, which is bad news for Bitmart, who presumably thought that locating itself in the Caymans would give it some kind of jurisdictional barrier with the U.S.
This clearly isn’t the case, with the FTC also investigating whether the Bitmart operators were complying with a second federal law that requires financial institutions to safeguard sensitive customer data.
If the FTC finds that Bitmart’s owners misled users about its cybersecurity protections or failed to comply with financial services laws, it can impose fines and put the company under a consent decree ordering them to change their practices.