Australian Crypto Exchange CoinSpot Loses $2M in Alleged Exploit

Australian cryptocurrency exchange CoinSpot may have fallen victim to an exploit resulting in the loss of approximately $2 million worth of Ethereum (ETH).

Blockchain investigator ZachXBT shed light on the incident through his Telegram channel, raising concerns about the security of the exchange’s hot wallets.

ZachXBT Unveils $2 Million CoinSpot Exploit

On Nov. 8, ZachXBT made a revelation through his Telegram channel regarding two wallets associated with CoinSpot. In a matter of just five minutes, these wallets appeared to have been drained of more than 1,282 ETH, equivalent to around $2 million at the time.

The investigation conducted by ZachXBT uncovered two suspicious transactions entering the alleged hacker’s wallet. What followed was even more unsettling as the wallet owner proceeded to bridge the stolen funds to the Bitcoin (BTC) network using ThorChain and Wan Bridge.

CertiK, a leading blockchain security firm, pointed to a possible compromise of a private key linked to at least one of CoinSpot’s hot wallets as the likely root cause of this exploit.

In the first transaction, 1,262 ETH was swiftly transferred from CoinSpot’s wallet to an address believed to be controlled by the attacker. A second transaction followed, with 20.99 ETH sent to the same destination.

Further analysis of Etherscan data revealed that the recipient of these ill-gotten funds subsequently converted them into wrapped Bitcoin (WBTC), USDC, and USDT using various smart contracts on platforms such as Uniswap, THORchain, and WBTC.

Unveiling the Cyber Attacker’s Tactics

Within the next 10 minutes, the address executed another transfer, converting 831 Ether into Bitcoin via ThorChain. The stolen Bitcoin was then spread across four different wallet addresses, as discovered by CertiK’s investigative data.

831 ETH has been bridged to BTC via THORChain. 451.7 ETH swapped for WBTC and transferred to Wan Bridge.

Source: https://t.co/k2yCnvtE8s

— CertiK Alert (@CertiKAlert) November 8, 2023

A closer examination of Bitcoin Explorer BTCScan data also indicated that the owners of these four Bitcoin wallets were systematically dividing the funds into smaller portions, a tactic commonly used by cyber attackers to hinder tracking efforts. This complexity makes it more challenging to trace the entirety of the stolen funds.

CoinSpot, which was founded in 2014, according to Crunchbase, had not experienced any significant hacks until this incident. However, in December 2021, the exchange’s users were targeted in a phishing attack, highlighting the increasing threats faced by cryptocurrency platforms.

As of now, CoinSpot has yet to issue an official response to the exploit, leaving questions about their plans to recover the lost funds unanswered.