Last updated:
Crypto casino platform Metawin lost $4 million from its Ethereum and Solana hot wallets in a hack on November 3.
Flagged by crypto sleuth ZachXBT, the stolen funds have been transferred to Kucoin and a HitBTC nested service so far.
According to the crypto casino Metawin CEO Richard Skelhorn, the attacker exploited the platform’s “frictionless withdrawal system.” In a message on Discord, he noted that the platform temporarily paused withdrawals to access and secure systems.
“Withdrawals have been re-enabled for 95% of users, with final checks underway for the remaining accounts”, he added.
Meanwhile, ZachXBT pegged the stolen amount with 115+ theft addresses tied to the hack. At this point, the motive of the attack nor the attacker’s identity is known.
Following the hack, CEO Skelhorn noted that the platform is in the process of “topping up wallet balances.”
“We will also be implementing additional security controls for new users, while also exploring ways to maintain a flexible and seamless experience for our trusted community.”
The attack was a “challenge” to the Metawin and its community, he added. “We’re learning from it and will emerge stronger.”
Later, in an updated status, Skelhorn emphasised the company will make some “internal adjustments” to keep bad actors at bay. “I just emptied my piggy bank, we don’t dwell on it. We keep building.”
Crypto Hacks Cost Over $129M in October: CertiK
The crypto casino hack is the latest among the recent wave of high-profile cyber-attacks in the DeFi space, including the most recent Radiant Capital exploit.
Per blockchain security firm CertiK, security breaches like scams and hacks have pushed crypto losses to $129.6 million in October.
CertiK data revealed that exit scams led to $1.2 million in losses, followed by flash loan attacks causing $1.5 million losses in crypto.
On October 16, Binance-backed blockchain protocol Radiant Capital suffered over $50 million in a crypto heist, stealing various cryptocurrencies. The attackers apparently gained control of three out of eleven private keys needed for protocol upgrades.
Further, a phishing attack occurred on October 30, affecting several decentralized applications. The attack compromised the popular Lottie Player animation library, which is used by many tech companies.