According to reports, CoinSpot, an Australian crypto exchange, has reportedly experienced a loss of $2.4 million in what appears to be a hot wallet hack. CertiK, a blockchain security firm, believes that the funds were taken from a compromised private key associated with a CoinSpot hot wallet.
On November 8th, blockchain investigator ZachXBT shared on his Telegram channel that two transactions were observed entering the wallet of the suspected hacker. Subsequently, the hacker transferred the funds through THORChain and Wan Bridge onto the Bitcoin network.
CertiK has determined that the exploit on CoinSpot likely occurred due to the compromise of a private key linked to one of the exchange’s hot wallets. Data from Etherscan, shows that 1,262 ETH from a known CoinSpot wallet went to the hacker’s wallet.
After receiving the token, the owner of the wallet address that received the 1,262 ETH started making different transactions. The owner of the wallet made two separate transactions on Uniswap, swapping 450 ETH for 24 Wrapped Bitcoin (WBTC).
Investigative data from CertiK reveals that within the next 10 minutes, the same address swapped 831 ETH for Bitcoin via THORChain and sent the Bitcoin to four different wallet addresses.
A search of Bitcoin Explorer BTCScan data showed that the hacker sent the Bitcoin to multiple wallets and then subdivided it into even smaller amounts. Attackers often split stolen funds into small amounts to make tracing more difficult.
CoinSpot, founded in 2013, boasts a user base of 2.5 million. It operates under the regulation of the Australian Transaction Reports and Analysis Centre.
Regulators are working to address the escalating number of crypto hacks. For instance, Platypus fell victim to an attack where malicious actors deployed a contract that manipulated the token balance in the LenderStableReward ERC20 contract, leading to a loss of $2.23 million. These incidents have heightened concerns about the security of cryptocurrency platforms, prompting regulators to explore measures to protect users.
Read also: CEO of NYM discusses how NYM Mixnet will transform online privacy