MetaWin Suffers $4 Million Hack, CEO Confirms Fund Recovery

MetaWin experienced a security breach on Nov. 3, resulting in a $4 million loss, but has since restored most user withdrawals and replenished affected funds.

In recent months, the cryptocurrency sector has faced a steady stream of security challenges, with incidents ranging from platform exploits to sophisticated phishing schemes. October alone saw over $129 million lost to exit scams, flash loan attacks, and other vulnerabilities, placing the spotlight on the ongoing need for heightened security in digital finance. Notable cases include the recent $4 million hack of online casino MetaWin and the $50 million breach of lending protocol Radiant Capital. 

MetaWin Exploit Drains $4M in Cyberattack, Restored Funds Reignite Debate on Hot Wallet Security in Crypto Casinos

On Nov. 3, the online casino platform MetaWin faced a cyberattack that drained approximately $4 million from its hot wallets. The hack exploited the platform's frictionless withdrawal system, prompting MetaWin to halt withdrawals temporarily. However, according to MetaWin's CEO Skel, the company has since "topped off" the funds, allowing 95% of users to resume withdrawals. 

The attack is a reminder of the ongoing challenges of cybersecurity in the crypto industry, especially for online platforms handling substantial volumes of digital assets. Despite swift action from MetaWin, the exploit raises concerns about the reliance on hot wallets and the risks associated with frictionless withdrawal mechanisms. The attack has drawn widespread attention, with blockchain sleuth ZachXBT uncovering key details about the hacker’s tactics and their trail on the blockchain.

The MetaWin hack stands out due to the method the hacker used to drain funds. According to CEO Skel, the attacker managed to penetrate MetaWin's hot wallets, leveraging vulnerabilities in the platform’s frictionless withdrawal system—a feature that facilitates swift fund transfers. While this setup enhances user experience by reducing waiting times, it also exposes hot wallets, which remain online and are thus susceptible to attacks.

Blockchain investigator ZachXBT followed the stolen funds’ trail, revealing that the hacker transferred portions of the assets to KuCoin and a nested service on HitBTC. The sleuth identified over 115 addresses linked to the hacker, painting a detailed picture of the exploit but still falling short of revealing the attacker’s identity.

The MetaWin exploit is one of many high-profile cyberattacks targeting the crypto and decentralized finance (DeFi) sectors in recent months. 

Just days earlier, on Oct. 30, a sophisticated phishing campaign targeting several decentralized applications exploited vulnerabilities in the Lottie Player animation library. This exploit allowed threat actors to inject malicious phishing links on websites using Lottie Player, including platforms like 1inch and TEN Finance. Users who interacted with these links found themselves directed to phishing sites, where hackers drained their connected wallets using the "Ace Drainer" phishing software.

Another recent incident saw the M2 exchange, a crypto trading platform, lose $13 million in a hack that similarly involved a breach of the exchange’s hot wallets. 

Hot Wallets: Convenience vs. Security

Hot wallets, which store funds online for immediate accessibility, are widely used by exchanges, DeFi platforms, and online casinos like MetaWin due to their convenience. They allow seamless transactions, enhancing the user experience—essential for online casinos where rapid deposits and withdrawals are part of the business model. However, their very nature makes them a prime target for cyberattacks.

Cold wallets, by contrast, are stored offline and offer much stronger security against hacking attempts. Although not as convenient for rapid transactions, they significantly reduce the risk of unauthorized access, as they cannot be accessed over the internet. The MetaWin exploit is a reminder of the need for crypto platforms, especially those in high-risk sectors like online casinos, to reassess their security protocols, particularly the reliance on hot wallets.

Some experts advocate for hybrid wallet solutions, where a portion of funds is kept in cold storage for added security while maintaining enough in hot wallets to facilitate daily transactions. Others recommend a more cautious approach with multi-layered security protocols, including multi-signature wallets, to protect assets even in online-accessible wallets.
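The hybrid approach described above, sketched as an added example (not MetaWin's code or any platform's actual policy): a toy treasury that sweeps deposits above a hot-wallet ceiling into cold storage, pays small withdrawals automatically within an hourly budget, and holds larger ones for multi-party approval. All thresholds, amounts and names are assumptions.

```python
from dataclasses import dataclass, field

@dataclass
class HybridTreasury:
    """Toy model: whole-USD amounts; every threshold is an assumed policy value."""
    hot_ceiling: int            # most value ever left in the online wallet
    auto_limit: int             # largest payout made with no human approval
    window_limit: int           # cap on automatic payouts per rolling window
    approvers_needed: int = 2   # distinct sign-offs for anything above auto_limit
    window_secs: int = 3600
    hot: int = 0
    cold: int = 0
    auto_paid: list = field(default_factory=list)   # (timestamp, amount)

    def deposit(self, amount: int) -> None:
        self.hot += amount
        excess = max(0, self.hot - self.hot_ceiling)
        self.hot -= excess          # sweep everything above the ceiling offline
        self.cold += excess

    def withdraw(self, amount: int, now: int, approvals=frozenset()) -> str:
        if amount > self.hot:
            return "HOLD: hot wallet needs a manual refill from cold storage"
        if amount > self.auto_limit:
            if len(set(approvals)) < self.approvers_needed:
                return "HOLD: needs multi-party approval"
        else:
            recent = sum(a for t, a in self.auto_paid if now - t < self.window_secs)
            if recent + amount > self.window_limit:
                return "HOLD: automatic payout budget for this window is spent"
            self.auto_paid.append((now, amount))
        self.hot -= amount
        return "PAID"

def burst_exposure(treasury: HybridTreasury, amount: int, attempts: int) -> int:
    """Total paid when `attempts` automatic requests arrive one second apart."""
    paid = 0
    for second in range(attempts):
        if treasury.withdraw(amount, now=second) == "PAID":
            paid += amount
    return paid

def demo() -> dict:
    t = HybridTreasury(hot_ceiling=200_000, auto_limit=10_000, window_limit=50_000)
    t.deposit(4_000_000)                      # constructed figure
    big = t.withdraw(60_000, now=0)           # no approvals supplied
    drained = burst_exposure(t, 10_000, attempts=500)
    return {"hot": t.hot, "cold": t.cold, "big": big, "burst_drained": drained}
```

In this model a burst of automated requests is bounded by the hourly budget rather than by the wallet balance, and the funds held offline are never reachable by the payout path.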

The MetaWin exploit has reignited discussions around security standards in the crypto space. As the decentralized ecosystem grows, so does the number of sophisticated attacks targeting high-value platforms. Online casinos, which handle frequent, large-volume transactions, are especially vulnerable, making enhanced security a pressing issue. Many in the crypto community argue that these platforms should adopt stricter safeguards, while others emphasize that users need to remain vigilant, as platforms can only do so much.

CEO Skel’s swift response to the hack, including the "top-off" of lost funds and the partial resumption of withdrawals, has garnered mixed reactions. Some applaud the transparency and timely action, but others question the platform’s security framework and whether it adequately protects user assets. This incident may push more online casinos and DeFi platforms to reevaluate their reliance on frictionless withdrawal systems and online wallets, as they balance customer experience with security risks.

Crypto Security Incidents Surge in October: Over $129 Million Lost to Exploits, Exit Scams, and Flash Loan Attacks

The recent MetaWin hack is part of a concerning trend in October that saw a sharp rise in cryptocurrency-related security incidents. During this month, a staggering $129.6 million was lost to various exploits, exit scams, and flash loan attacks, according to blockchain security firm CertiK. 

The majority of October’s losses stemmed from exploits, which accounted for $127 million of the total. Flash loan attacks, a prevalent issue in decentralized finance (DeFi), caused $1.5 million in damages, while exit scams contributed an additional $1.2 million in losses. The latest figures reveal a 2.91% month-on-month increase from September’s $123.4 million in losses. Though a concerning uptick, this is a stark 60% decline from May 2024, when losses peaked at $324.7 million.

The single largest incident in October involved the decentralized lending protocol Radiant Capital, which fell victim to a $50 million hack on Oct. 16. The protocol, which operates across BNB Chain and Arbitrum, was forced to halt its markets after hackers infiltrated its systems. According to Radiant’s post-mortem report, the attackers gained access to private keys and smart contracts by injecting malware into the devices of at least three of the protocol’s core developers.

After the attack, the protocol swiftly implemented enhanced security measures, including transferring protocol ownership into a timelock contract that enforces a 72-hour delay for any modifications. Radiant Capital resumed its Ethereum lending markets on Nov. 1, signaling a cautious return to normalcy after one of the largest hacks in its history.

The second-largest security incident in October involved a phishing attack targeting a high-value crypto wallet. On Oct. 11, an anonymous user fell victim to a phishing scheme, resulting in the loss of 15,079 fwDETH, valued at approximately $36 million. The attack exploited the user’s trust, prompting them to sign a malicious transaction that allowed the hacker to drain their wallet. 

Meanwhile, phishing attacks have become an increasingly common threat within the crypto space, as attackers use sophisticated methods to trick users into granting access to their assets.

Closing out October’s high-profile attacks was the hack on M2, a crypto exchange that lost $13.7 million from its hot wallets on Oct. 31. According to crypto investigator ZachXBT, the attackers managed to extract multiple assets, including Bitcoin (BTC), Ether (ETH), and Solana (SOL), directly from the exchange’s hot wallets.

M2 quickly announced that the “situation has been fully resolved” and that customer funds have been restored. While the swift recovery may have alleviated some user concerns, the incident has reignited discussions around the security of hot wallets.

Beyond large-scale exploits, October also saw an uptick in exit scams and flash loan attacks. Exit scams, which accounted for $1.2 million in losses, involve the outright disappearance of a project or its team, taking with them the funds they raised from investors or users. Flash loan attacks, which caused $1.5 million in losses, exploit loopholes in smart contract protocols to borrow and manipulate large sums of money without collateral, leading to artificial price manipulations and significant losses for DeFi platforms.

Flash loan attacks have emerged as one of the most challenging vulnerabilities to address, as they do not involve a breach of private keys or wallet systems but rather exploit the very protocols DeFi relies on. These attacks leverage the decentralized nature of the blockchain, creating a dilemma for developers who must balance openness with security.

Analyzing the Surge in Crypto-Related Losses

The escalation in crypto-related security incidents is evidence of both the growing sophistication of attackers and the industry’s increasing adoption. As crypto assets become mainstream, so does the appeal for bad actors looking to capitalize on platform vulnerabilities, user negligence, and even the codebase itself.

While October’s $129.6 million loss is less than May’s $324.7 million, the persistence of these incidents shows a need for the crypto industry to adopt more proactive and rigorous security standards. The prevalent use of hot wallets, decentralized mechanisms, and reliance on smart contracts means that vulnerabilities are inherent to the system, requiring continuous innovation to mitigate.

In response to these high-profile hacks, many DeFi and crypto platforms are reevaluating their security protocols. Radiant Capital’s timelock contract is one example of enhanced protection measures, as it forces a waiting period before any significant changes can be made. Other protocols have adopted multi-signature wallets and diversified wallet systems that split assets between hot and cold storage.
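A simplified Python model of the timelock idea mentioned above and in the Radiant Capital account, added here as an illustration and not Radiant's contract code: a change must be queued, waits 72 hours, and can be cancelled in the meantime. The owner and guardian roles, setting names and values are hypothetical.

```python
import hashlib

DELAY_SECS = 72 * 3600   # the 72-hour delay the article reports

class TimelockError(Exception):
    pass

class Timelock:
    """Simplified off-chain model; roles and names are hypothetical."""
    def __init__(self, owner: str, guardian: str, delay: int = DELAY_SECS):
        self.owner, self.guardian, self.delay = owner, guardian, delay
        self.pending = {}     # operation id -> earliest execution time
        self.settings = {}    # the protected protocol parameters

    @staticmethod
    def op_id(key: str, value: str) -> str:
        # Binding the id to the exact change stops a swap after queuing.
        return hashlib.sha256(f"{key}\x00{value}".encode()).hexdigest()

    def schedule(self, caller: str, key: str, value: str, now: int) -> str:
        if caller != self.owner:
            raise TimelockError("only the owner can queue a change")
        oid = self.op_id(key, value)
        self.pending[oid] = now + self.delay
        return oid

    def cancel(self, caller: str, oid: str) -> None:
        if caller not in (self.owner, self.guardian):
            raise TimelockError("not allowed to cancel")
        self.pending.pop(oid, None)

    def execute(self, key: str, value: str, now: int) -> None:
        oid = self.op_id(key, value)
        if oid not in self.pending:
            raise TimelockError("change was never queued or was cancelled")
        if now < self.pending[oid]:
            raise TimelockError("delay has not elapsed")
        del self.pending[oid]
        self.settings[key] = value

def try_execute(lock: Timelock, key: str, value: str, now: int) -> str:
    """Attempt a change and report the outcome as text."""
    try:
        lock.execute(key, value, now)
        return "executed"
    except TimelockError as err:
        return str(err)
```

Even if the owner key is compromised, a queued change stays visible for the full delay, which gives a separate guardian time to cancel it before it takes effect.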

CertiK’s data indicates that platforms should not only invest in cybersecurity tools but also focus on user education. Many incidents, like phishing attacks, exploit human vulnerabilities rather than technological flaws, suggesting that a comprehensive security strategy should include educating users on best practices.