Hackers Steal $4 Million in Crypto from Metawin Users’ Wallets

The crypto world recently faced another severe security incident: hackers breached Metawin Casino's wallets, stealing $4 million worth of Ethereum and Solana. This attack highlights vulnerabilities in online crypto casinos, particularly with the use of hot wallets.

How the Attack Occurred

Richard Skelhorn, CEO of Metawin Casino, announced on November 3 that hackers had exploited the platform’s hot wallets. According to Skelhorn, the attackers took advantage of the platform’s “frictionless” withdrawal system, which allowed them to initiate rapid withdrawal requests in succession, bypassing regular security checks. To execute the theft, the hackers used 115 different Ethereum and Solana wallet addresses.
Blockchain investigator ZachXBT shared details on Telegram, explaining how the attack unfolded. The hackers leveraged frictionless withdrawals to quickly place transactions, bypassing the usual security mechanisms and extracting significant sums. The stolen assets were partially transferred to KuCoin and HitBTC’s hidden service.

Metawin Casino’s Immediate Response

In response to the attack, Metawin Casino swiftly implemented security measures to restore platform integrity. As a first step, they temporarily halted withdrawals to prevent further losses and allowed security experts to analyze the attack thoroughly. Skelhorn publicly stated that “every user who incurred losses will be fully compensated.”
In a statement on Metawin’s Discord server, Skelhorn committed to covering the $4 million loss from the company’s own funds, ensuring affected customers will recover their lost assets. He also mentioned that the company is cooperating with authorities to retrieve the stolen funds.

The Security Risks of Hot Wallets: Lessons for the Crypto World

The Metawin Casino incident underscores the security risks associated with hot wallets. Hot wallets are digital storage solutions connected to the internet, allowing quick and convenient transaction access. However, because these wallets are always online, they are more susceptible to hacks.
Convenience features like frictionless withdrawals simplify transactions for users but also offer attackers opportunities to exploit system vulnerabilities. Due to the growing frequency of such attacks, many crypto platforms are considering limiting hot wallet usage or transitioning to cold wallets, which are offline and significantly reduce risk for both platforms and users.
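
One way a platform can bound hot-wallet losses from rapid successive withdrawals is an aggregate outflow breaker, sketched here as an added example that is not Metawin's code and does not describe its actual controls. The class and function names, thresholds, and the simulated burst (115 destinations at $35,000 each, roughly the reported total) are all constructed; the contrast function shows why a cap keyed only on destination address never fires when funds fan out across many addresses.

```python
from collections import deque

class HotWalletGuard:
    """Sliding-window outflow breaker for a hot wallet (all limits are constructed)."""

    def __init__(self, window_s=600, max_outflow_usd=250_000, max_per_account=5):
        self.window_s = window_s
        self.max_outflow_usd = max_outflow_usd
        self.max_per_account = max_per_account
        self.events = deque()   # (timestamp, account, usd) of approved withdrawals
        self.tripped = False    # once set, everything is held until an operator resets

    def _expire(self, now):
        while self.events and now - self.events[0][0] > self.window_s:
            self.events.popleft()

    def check(self, now, account, dest, usd):
        """Return 'approve' or 'hold'. dest is deliberately not used as a key."""
        if self.tripped:
            return "hold"
        self._expire(now)
        total = sum(e[2] for e in self.events) + usd
        per_account = sum(1 for e in self.events if e[1] == account) + 1
        if total > self.max_outflow_usd:
            self.tripped = True  # aggregate breaker: halt all withdrawals for review
            return "hold"
        if per_account > self.max_per_account:
            return "hold"        # velocity limit for this account only
        self.events.append((now, account, usd))
        return "approve"

def simulate_fanout(guard, n_dest=115, usd_each=35_000, accounts=40):
    """Constructed burst: one request per second, each to a new destination address."""
    approved = 0
    for i in range(n_dest):
        acct, dest = f"acct{i % accounts}", f"addr{i}"
        if guard.check(now=i, account=acct, dest=dest, usd=usd_each) == "approve":
            approved += usd_each
    return approved

def per_destination_only(n_dest=115, usd_each=35_000, limit_usd=50_000):
    """Contrast: a cap keyed on destination address approves the whole burst."""
    sent, approved = {}, 0
    for i in range(n_dest):
        dest = f"addr{i}"
        if sent.get(dest, 0) + usd_each <= limit_usd:
            sent[dest] = sent.get(dest, 0) + usd_each
            approved += usd_each
    return approved
```

With these constructed limits the breaker trips on the eighth request, so exposure is bounded by the window cap rather than by the hot wallet's balance.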

Takeaways from 2024’s Crypto Hacks

The year 2024 has already seen several major crypto attacks, and more may follow. In May, Japan’s DMM Bitcoin faced the industry’s third-largest hack, with users losing $308 million. North Korean hackers have also intensified their activity in recent years, with some even infiltrating crypto companies as employees to gain easier access to digital assets.
The Metawin Casino hack serves as a cautionary tale for the entire crypto community. While hot wallets and quick withdrawal functions undoubtedly provide a smooth user experience, crypto service providers may need to consider cold wallets for enhanced security.
To keep pace with the evolving methods of attackers, platforms must prioritize the effectiveness of their security measures to prevent large-scale thefts and attacks in the future.