Metawin Casino, a crypto gaming website, has suffered at the hands of hackers, losing $4m from its Ethereum and Solana cryptocurrency hot wallets. A hot wallet refers to the online storage of cryptocurrencies that can be accessed virtually.
Hot wallets are generally considered to be a higher-risk way of storing funds due to the frequency of hacking attacks against hot wallets, the present case included. The attack against the popular online casino was carried out on Sunday, November 3, and exploited the operator’s withdrawal system.
Because of the fast withdrawal options set in place set by the casino, the hackers were able to drain a combined total of $4m worth of Ethereum and Solana tokens in seconds.
1/ Another day, another hack — #MetaWin gets drained of $4M through its hot wallet.
— Kokonachi (@KokonachiC) November 4, 2024
Wild how frequent these exploits are, with October alone racking up $129M in losses.
But here’s the bright side: shoutout to on-chain detective @zachxbt for doing what he does best.… pic.twitter.com/N78l1YgWQO
The funds have been tracked to KuCoin and HitBTC.The operator confirmed the case, which was also flagged by ZachXBT, a popular crypto world sleuth who has been tracking nefarious activity for a very long time and has helped track where the stolen funds have been moved.
A total of 115 crypto wallets have been complicit with the attack, ZachXBT determined, which is a traditional strategy used by crypto criminals who try to further obfuscate the origins of hot crypto, referring to stolen funds.
However, the peer-to-peer nature of most blockchain-powered cryptocurrency means that there can never be a deletion of records, allowing people like ZachXBT and law enforcement to continue tracking criminals.
Responding to the security incident, Metawin CEO Richard Skelhorn said that the casino briefly shut down its withdrawal system but soon reenabled it for some 95% of all users. More checks are being conducted on withdrawal as of right now.
"We’re in the process of topping up wallet balances now. We’ll also be implementing additional security controls for new users, while also exploring ways to maintain a flexible and seamless experience for our trusted community," Skelhorn added, signaling that the casino will not sit idly by and not let anyone, but the operator pick up the bill for the hack.
In fact, Skelhorn says that the missing $4m has been made up for from his personal finances, with him "emptying" his "piggy bank" to make sure that balances remain intact.
Additional security measures have been rolled in. The case has already been referred to "the feds," suggesting that the Federal Bureau of Investigation has been notified, as Skelhorn confirmed for ZachXBT who sought input from the chief executive.
"We keep building," the CEO told ZachXBT, confident that better times lie ahead.
Image credit: Unsplash.com