Australian cryptocurrency exchange CoinSpot has reportedly fallen victim to a $2.4 million hack, believed to have resulted from a “probable private key compromise” on at least one of its hot wallets. Blockchain sleuth ZachXBT identified two transactions leading to the alleged hacker’s wallet, which later bridged the funds to the Bitcoin network via ThorChain and Wan Bridge.
In response to the incident that happened in the crypto industry, blockchain security firm CertiK indicated that the exploit likely stemmed from a “probable private key compromise” on a CoinSpot hot wallet. According to Etherscan data, a transaction involving 1,262 Ether (ETH), valued at $2.4 million, originated from a known CoinSpot wallet and was transferred to the alleged hacker’s wallet. This scam in the crypto industry impacted the investors of the global marketplace.
The recipient of the 1,262 ETH proceeded to conduct a series of transactions, including swapping 450 ETH for 24 Wrapped Bitcoin (WBTC) via Uniswap. Subsequently, the wallet owner exchanged 831 ETH for Bitcoin through Thorchain, dispersing the Bitcoin to four different wallet addresses.
Crypto Platform Investigations In This Hack
CertiK, a smart contract auditor in the crypto sphere, revealed that the owner of these Bitcoin wallets engaged in a tactic commonly employed by attackers to complicate investigations. The allegedly ill-gained BTC was distributed among multiple new wallets, with smaller divisions of the funds transferred to additional new wallets each time.
Established in 2013, CoinSpot is currently Australia’s largest crypto exchange, boasting around 2.5 million reported users. The exchange is regulated by the Australian financial watchdog AUSTRAC and holds an Australian Digital Currency Exchange License granted by the regulator.
In October, cybercriminals of crypto successfully exploited weaknesses in the decentralized Onyx Protocol, resulting in the theft of assets exceeding $2 million.
Experts suggest that the assailant depleted Onyx’s liquidity by taking advantage of a vulnerability within the protocol’s code base, identified as a loss of precision. The exploit, in particular, involved the utilization of integer rounding facilitated by flash credit.