WEB3
by Soumen Datta
November 4, 2024
The attacker targeted Metawin's Ethereum and Solana hot wallets, draining a substantial amount of funds.
Crypto casino Metawin recently faced a security breach, resulting in a loss of over $4 million, per blockchain investigator ZachXBT.
According to Metawin CEO Richard “Skel” Skelhorn, the hack targeted the platform’s withdrawal mechanism, which was designed for swift transactions. This “frictionless withdrawal system” allowed the hacker to access and drain funds from hot wallets tied to Ethereum and Solana.
As Skelhorn confirmed, this exploit led to the immediate suspension of withdrawals to prevent further losses. The platform has since re-enabled withdrawals for about 95% of users after securing its systems.
ZachXBT, known for tracing crypto exploits, collaborated with Metawin to assess the hack. The hacker accessed more than 115 addresses during the attack, showing a high level of technical skill.
Hot wallets, which are more vulnerable due to their continuous online connection, proved to be an entry point for the hacker’s operation.
Using blockchain forensics, ZachXBT tracked the stolen funds, revealing that they were routed through Kucoin and a nested service on HitBTC. This tactic is commonly employed to obscure the origin of funds, complicating recovery efforts.
Transferring assets into mixed or nested accounts further distances them from their original source, making it difficult to trace them.
The identity and motivation of the hacker remain unknown.
In response to the hack, Skelhorn assured users that his team is working tirelessly to fortify platform security. He acknowledged the incident on Metawin's Discord, confirming that authorities have been contacted and that the platform is making "internal adjustments" to prevent similar incidents.
Skelhorn also revealed that he personally covered part of the financial impact, sharing, “I just emptied my piggy bank… We keep building.”
The Metawin hack adds to a growing list of crypto security breaches this year. According to blockchain security firm CertiK, October alone saw $129.6 million in crypto losses from hacks, exit scams, and flash loan attacks.
Exploits accounted for the greatest share of stolen assets, with $127 million. This figure represents a slight increase from September but a notable decrease from the $324.7 million lost to hacks in May.
Among recent incidents, the Radiant Capital hack stands out as the largest, with the lending protocol losing over $50 million in assets. Other notable attacks include a $36-million phishing incident targeting a high-value investor and a $13-million hack on M2 crypto exchange.
Disclaimer
Disclaimer: The views expressed in this article do not necessarily represent the views of BSCNews. The information provided in this article is for educational and informational purposes only and should not be construed as investment advice. BSCNews assumes no responsibility for any investment decisions made based on the information provided in this article
Author
Soumen Datta
Soumen is an experienced writer in cryptocurrencies, DeFi, NFTs, and GameFi. He has been analyzing the space for the last several years and believes there is a lot of potential with blockchain technology, even though we are still at an early stage. In his spare time, Soumen enjoys playing his guitar and singing along. Soumen holds bags in BTC, ETH, BNB, MATIC, and ADA.
Latest News
November 4, 2024
Monday Recap: Coinbase Fee Controversies, Hamster Kombat’s Decline, and a $200K Bitcoin Prediction
November 4, 2024
Will Trump or Harris Propel BTC to New Heights?
November 4, 2024
Singapore MAS Announces Plans to Boost Asset Tokenization in Finance
November 4, 2024
Binance Co-Founder Yi He Denies Claims of High Listing Fees on the Exchange
November 4, 2024
Crypto Casino Metawin Hacked for $4M+ Due to Withdrawal System Exploit
November 2, 2024
Weekly Article Recap: 10/28-11/01
November 1, 2024
Injective Unveils AUSD: The First Native Stablecoin on Its Blockchain
November 1, 2024
Immutable Responds to SEC Wells Notice, Asserts IMX Token is Not a Security