Online casino platform MetaWin suffered an exploit on November 3, leaving the platform drained of approximately $4 million in funds, which the CEO says have been “topped off” since the attack.
According to MetaWin CEO Skel, the attacker hacked MetaWin’s hot wallets via the platform’s frictionless withdrawal system — prompting the platform to halt withdrawals. However, the CEO also said that withdrawals were restored for 95% of the platform’s customers at the time of writing.
Onchain sleuth ZackXBT also revealed that the attacker moved the stolen funds to Kucoin and a HitBTC nested service. The detective also identified more than 115 addresses associated with the malicious actor.
At this point, the hacker’s identity and the motivation behind the exploit are currently unknown. Cointelegraph reached out to MetaWin for comment but could not obtain a response by the time of publication.
A message from MetaWin CEO Skel. Source: ZackXBT
Related: October crypto losses reach $129M from hacks and exit scams
The most recent hacks and losses
The MetaWin hack is merely the latest cybersecurity attack in the crypto world. On Oct. 16, the lending platform Radiant Capital was exploited for $58 million after a malicious actor gained access to several of the private keys required to sign transactions from Radiant’s multi-signature wallet.
Once the attacker obtained the private keys, they took control of Radiant smart contracts on the BNB Chain and the Arbitrum network — allowing the hacker to transfer the funds to themselves.
Several decentralized applications fell prey to a sophisticated phishing attack on Oct. 30 that compromised the popular Lottie Player animation library used by many websites and tech companies.
Exploiting the Lottie animation library allowed the threat actors to display malicious phishing links featured as seemingly benign elements on the web pages of 1inch, TEN Finance, and others.
Unsuspecting users who clicked on the fraudulent links were directed to connect their wallets, which were then drained of funds using the infamous “Ace Drainer” phishing software.
More recently, the M2 exchange was hacked for $13 million. Like the recent Metawin exploit, the M2 exchange suffered a breach of the exchange’s hot wallets — which are connected to the internet and can be remotely accessed by anyone with enough technical knowledge.
Magazine: 2 auditors miss $27M Penpie flaw, Pythia’s ‘claim rewards’ bug: Crypto-Sec