Australian cryptocurrency exchange CoinSpot may have fallen victim to an exploit resulting in the loss of approximately $2 million worth of Ethereum (ETH).
Blockchain investigator ZachXBT shed light on the incident through his Telegram channel, raising concerns about the security of the exchange’s hot wallets.
On Nov. 8, ZachXBT made a revelation through his Telegram channel regarding two wallets associated with CoinSpot. In a matter of just five minutes, these wallets appeared to have been drained of more than 1,282 ETH, equivalent to around $2 million at the time.
The investigation conducted by ZachXBT uncovered two suspicious transactions entering the alleged hacker’s wallet. What followed was even more unsettling as the wallet owner proceeded to bridge the stolen funds to the Bitcoin (BTC) network using ThorChain and Wan Bridge.
CertiK, a leading blockchain security firm, pointed to a possible compromise of a private key linked to at least one of CoinSpot’s hot wallets as the likely root cause of this exploit.
In the first transaction, 1,262 ETH was swiftly transferred from CoinSpot’s wallet to an address believed to be controlled by the attacker. A second transaction followed, with 20.99 ETH sent to the same destination.
Further analysis of Etherscan data revealed that the recipient of these ill-gotten funds subsequently converted them into wrapped Bitcoin (WBTC), USDC, and USDT using various smart contracts on platforms such as Uniswap, THORchain, and WBTC.
Within the next 10 minutes, the address executed another transfer, converting 831 Ether into Bitcoin via ThorChain. The stolen Bitcoin was then spread across four different wallet addresses, as discovered by CertiK’s investigative data.
831 ETH has been bridged to BTC via THORChain. 451.7 ETH swapped for WBTC and transferred to Wan Bridge.
Source: https://t.co/k2yCnvtE8s
— CertiK Alert (@CertiKAlert) November 8, 2023
A closer examination of Bitcoin Explorer BTCScan data also indicated that the owners of these four Bitcoin wallets were systematically dividing the funds into smaller portions, a tactic commonly used by cyber attackers to hinder tracking efforts. This complexity makes it more challenging to trace the entirety of the stolen funds.
CoinSpot, which was founded in 2014, according to Crunchbase, had not experienced any significant hacks until this incident. However, in December 2021, the exchange’s users were targeted in a phishing attack, highlighting the increasing threats faced by cryptocurrency platforms.
As of now, CoinSpot has yet to issue an official response to the exploit, leaving questions about their plans to recover the lost funds unanswered.
The post Australian Crypto Exchange CoinSpot Loses $2M in Alleged Exploit appeared first on CryptoPotato.
—
Blog powered by G6
Disclaimer! A guest author has made this post. G6 has not checked the post. its content and attachments and under no circumstances will G6 be held responsible or liable in any way for any claims, damages, losses, expenses, costs or liabilities whatsoever (including, without limitation, any direct or indirect damages for loss of profits, business interruption or loss of information) resulting or arising directly or indirectly from your use of or inability to use this website or any websites linked to it, or from your reliance on the information and material on this website, even if the G6 has been advised of the possibility of such damages in advance.
For any inquiries, please contact [email protected]
