On November 3, online crypto casino platform MetaWin suffered a security breach, losing approximately $4 million from its hot wallets.
MetaWin CEO Richard “Skel” Skelhorn announced that funds had been “topped off” following the attack. Still, MetaWin temporarily paused withdrawals to protect user funds but has since restored withdrawals for about 95% of its customers.
The breach was facilitated through MetaWin’s frictionless withdrawal system, allowing the attacker to access both Ethereum (ETH) and Solana (SOL) hot wallets. Blockchain investigator ZachXBT tracked the hacker’s movement of the stolen funds to KuCoin exchange and a nested service on HitBTC, identifying 115 wallet addresses connected to the malicious actor.
According to Skelhorn, MetaWin has since “contacted authorities,” and the case is now in the hands of federal investigators.
In a message shared by ZachXBT, Skelhorn informed users, “We’re not gonna dwell on it. It’s in the hands of the feds now…we will make some internal adjustments to keep the players happy but the bad actors at bay.” He also said that he used his own money to cover some of the losses, saying, “I just emptied my piggy bank… We keep building.”
MetaWin’s incident is one in a series of recent high-profile attacks in the crypto sector. Last month, DeFi platform Radiant Capital suffered a $58 million loss when hackers exploited vulnerabilities in its multi-signature wallets on the BNB Chain and Arbitrum networks. Recently, another platform, the M2 exchange, lost $13 million when hackers accessed its hot wallets.
Moreover, the crypto security landscape has been under intense scrutiny, with October 2024 reporting 20 major exploits totaling losses of approximately $88.47 million.
Also Read: Hacker Returns $19M After U.S. Govt Crypto Wallet Breach