Blockchain security firm CertiK believes the $2.4 million draining of a CoinSpot hot wallet is likely the result of a “private key compromise.”

The Australian cryptocurrency exchange CoinSpot has reportedly fallen victim to a hack, resulting in a loss of $2.4 million. The breach is believed to be due to a likely compromise of the private key associated with one of the exchange's hot wallets.

Blockchain investigator ZachXBT brought attention to two transactions that deposited funds into the wallet linked to the alleged hacker. Subsequently, the owner of the wallet transferred the assets to the Bitcoin network via THORChain and Wan Bridge.

CertiK, a blockchain security firm, confirmed that the exploit was likely the result of a private key compromise in at least one of CoinSpot's hot wallets.

Etherscan data reveals that a transaction of 1,262 Ether, equivalent to $2.4 million at current prices, was sent from a known CoinSpot wallet to the wallet associated with the alleged hacker.

The presumed attacker stole 1,262 ETH from a known CoinSpot wallet. Source: ZachXBT

Subsequently, the individual in control of the recipient wallet initiated a sequence of transactions. In two distinct transfers, they exchanged 450 ETH for 24 Wrapped Bitcoin (WBTC) tokens using the Uniswap decentralized exchange.

The list of transactions made from the alleged attacker's wallet. Source: DeBank

In the subsequent 10 minutes, the wallet address executed an exchange of 831 ETH for Bitcoin using THORChain and distributed the Bitcoin across four distinct wallet addresses, as reported by CertiK's investigative data, which Cointelegraph reviewed.

A review of Bitcoin explorer BTCScan data revealed that the owners of the four Bitcoin wallets systematically sent portions of the allegedly ill-gotten BTC to numerous new wallets, repeatedly dividing the funds into smaller portions and transferring them to further new wallets.

This strategy is a common tactic employed by wrongdoers to complicate the investigative process, making it more challenging to trace the entire sum of the stolen funds.

CoinSpot, established in 2013, currently holds the title of Australia's largest crypto exchange based on reported user figures, catering to approximately 2.5 million customers. The exchange operates under the regulations of the Australian financial authority, the Australian Transaction Reports and Analysis Centre (AUSTRAC), and holds an Australian Digital Currency Exchange License granted by the regulator.

CoinSpot did not provide an immediate response to Cointelegraph's request for comment.
