The Australian cryptocurrency exchange CoinSpot has reportedly fallen victim to a cyberattack resulting in a loss of $2.4 million. This incident is suspected to be the consequence of a compromise in a private key associated with one of its hot wallets.
Blockchain investigator ZachXBT disclosed on November 8 through his Telegram channel that two transactions had been identified, directing funds to an alleged hacker’s wallet. Subsequently, the wallet’s owner utilized ThorChain and Wan Bridge to move the stolen funds to the Bitcoin (BTCUSD) network.
CertiK, a blockchain security firm, shared insights via email, indicating that the breach was likely due to a private key compromise within at least one of CoinSpot’s hot wallets.
Etherscan data revealed a transaction involving 1,262 Ether (ETHUSD), which, at the current market rates, amounts to $2.4 million. This transaction originated from a known CoinSpot wallet and was transferred to the suspected hacker’s wallet.
The owner of the receiving wallet then initiated a series of transfers. In two separate transactions, they exchanged 450 ETH for 24 Wrapped Bitcoin (WBTC) via Uniswap.
Within the next 10 minutes, the wallet owner exchanged 831 ETH for Bitcoin through Thorchain, subsequently distributing the Bitcoin to four distinct wallet addresses, according to investigative data from CertiK.
A review of Bitcoin Explorer BTCScan data showed that the owner of the four Bitcoin wallets engaged in the division and distribution of the allegedly ill-gotten Bitcoin to various new wallets. This tactic is frequently employed by attackers to complicate the tracking of the stolen funds, prolonging the investigation process.
CoinSpot, established in 2013, currently holds the distinction of being Australia’s largest cryptocurrency exchange, boasting approximately 2.5 million users. The exchange operates under the oversight of the Australian financial regulator AUSTRAC and holds an Australian Digital Currency Exchange License granted by the regulatory body.