Blockchain security firm CertiK believes the $2.4 million draining of a CoinSpot hot wallet is likely the result of a “private key compromise.”
Australian crypto exchange CoinSpot has reportedly been hacked for $2.4 million in a “probable private key compromise” over at least one of its hot wallets.
According to a Nov. 8 post to his Telegram channel, blockchain sleuth ZachXBT highlighted two transactions entering the alleged hackers wallet. Afterwards, the wallet’s owner bridged the funds to the Bitcoin (BTC) network via ThorChain and Wan Bridge.
In emailed comments to Cointelegraph, blockchain security firm CertiK said the alleged exploit was the result of a “probable private key compromise” on at least one CoinSpot hot wallet.
The owner of the wallet address that received the 1,262 ETH then began making a series of transfers. In two separate transactions, the wallet’s owner swapped 450 ETH for 24 Wrapped Bitcoin (WBTC) via Uniswap.
Within the next 10 minutes, the address swapped 831 ETH for Bitcoin via Thorchain, sending the Bitcoin to four different wallet addresses, according to CertiK investigative data viewed by Cointelegraph.
A search of Bitcoin explorer BTCScan data, showed the owner of the four Bitcoin wallets distributing the allegedly ill-gained BTC to multiple new wallets, transferring smaller divisions of the funds to additional new wallets each time.
This is a tactic commonly leveraged by attackers to prolong the investigation process — making it more difficult to track the entirety of the stolen funds.
CoinSpot was established in 2013 and currently stands as Australia’s largest crypto exchange by reported user numbers, serving around 2.5 million customers. The exchange is regulated by Australian financial watchdog AUSTRAC and was granted an Australian Digital Currency Exchange License by the regulator.
CoinSpot did immediately respond to a request for comment from Cointelegraph.