Crypto exchange CoinSpot has reportedly suffered a $2 million hot wallet hack
Australian crypto exchange CoinSpot has reportedly been hacked for $2.4 million in a “possible private key compromise” on at least one of its hot wallets.
According to a post on his Telegram channel on November 8, blockchain sleuth ZachXBT highlighted two transactions that went into the suspected hacker's wallet. After that, the wallet owner connects the funds to the Bitcoin (BTC) network via THORChain and OneBridge.
In comments emailed to Cointelegraph, blockchain security firm Certike said the alleged exploit was the result of a “private key compromise” on at least one CoinSpot hot wallet.
According to data from EtherScan, a total of 1,262 Ether (ETH) transactions — $2.4 million in current value — came from a known CoinSpot wallet and entered the hacker's wallet.
The owner of the wallet address that received 1,262 ETH started making a series of transfers. In two separate transactions, the wallet owner exchanged 450 ETH for 24 bundles of Bitcoin (WBTC) on Uniswap.
Related: Apple macOS malware targets crypto community and engineers
Over the next 10 minutes, the address exchanged 831 ETH for Bitcoin on THORChain and sent the Bitcoin to four different wallet addresses, according to Certike investigation data seen by Cointelegraph.
A search of Bitcoin explorer BTCScan data revealed that the owner of the four Bitcoin wallets was distributing the ill-gotten BTC to multiple new wallets, transferring smaller portions of the funds to more new wallets.
This is a technique often used by attackers to prolong the investigation process – making it difficult to fully trace the stolen funds.
CoinSpot was founded in In 2013, it is currently Australia's largest crypto exchange by registered user numbers, serving around 2.5 million customers. The exchange is regulated by the Australian Financial Regulator, the Australian Transaction Reports and Analysis Center and is licensed by the regulator Australian Digital Currency Exchange.
CoinSpot immediately responded to a request for comment from Cointelegraph.
Magazine: Beyond Crypto – Zero-Knowledge Proofs From Voting to Finance
