MetaWin Hack: Blockchain Investigator ZachXBT Collaborates with Platform to Trace Stolen Funds

Hackers targeted MetaWin's hot wallets on both the Ethereum and Solana blockchains, taking advantage of what CEO Richard “Skel” Skelhorn described as a “frictionless withdrawal system.”

Crypto casino platform MetaWin fell victim to a large-scale hack on November 10th, with attackers exploiting a vulnerability in the platform's "frictionless withdrawal system" to drain its hot wallets on both the Ethereum and Solana blockchains. This incident, quickly detected by the platform's team, prompted them to suspend all withdrawals to minimize further losses.

In a statement following the hack, MetaWin’s CEO Richard “Skel” Skelhorn reassured users that the stolen funds were being "topped off" and that the platform was working hard to restore account balances. According to the latest update, 95% of users had their withdrawal capabilities restored, minimizing service interruptions for most players. However, the platform's reputation has taken a hit, as the exploit highlights ongoing security challenges in the DeFi and crypto casino spaces.

Blockchain investigator ZachXBT, known for tracking crypto thefts, collaborated with Skelhorn to trace the path of the stolen funds. His investigation revealed that the funds had been transferred to both Kucoin and a nested service on HitBTC, a sophisticated attempt to obfuscate the trail. Through his analysis, ZachXBT identified more than 115 addresses associated with the attacker, suggesting an organized operation and possibly even multiple individuals involved in executing the exploit.

While the precise identity and motives of the hacker remain unknown, MetaWin has involved law enforcement and other investigative entities to pursue the case further. The platform's decision to involve the authorities indicates a commitment to both recovering stolen assets and deterring future attacks. This move is especially crucial given the recent wave of crypto hacks, where platforms targeted through hot wallet vulnerabilities and advanced phishing tactics have struggled to secure meaningful cooperation with law enforcement.

In a message to the community posted on Discord, Skelhorn struck a pragmatic but defiant tone. "We’re not gonna dwell on it. It's in the hands of the feds now, and we will make some internal adjustments to keep the players happy but the bad actors at bay," he said on Discord. Later, he added a personal note, hinting at his own financial commitment to the recovery process: "I just emptied my piggy bank, we don't dwell on it. We keep building.”

Hacks on the Rise

This breach is only the latest in a series of crypto hacks targeting hot wallets and exchange protocols. In mid-October, Radiant Capital lost $58 million in a sophisticated exploit involving stolen private keys. Soon after, on October 30th, a phishing attack compromised the widely used Lottie Player animation library, impacting platforms like 1inch and TEN Finance. More recently, M2 exchange suffered a $13 million breach under similar circumstances to MetaWin, with its hot wallets as the point of failure.

The MetaWin hack serves as a stark reminder of the risks inherent to hot wallet systems in DeFi and crypto applications, especially those involving real-time withdrawals. As platforms continue to balance usability with security, vulnerabilities like MetaWin's will likely remain attractive targets for well-organized cybercriminals. With an increasing number of exploits hitting high-profile platforms, industry leaders may face growing pressure to prioritize cryptographic security and rigorous risk assessment—ensuring that “frictionless” user experiences don't come at the cost of asset safety.

The above is the detailed content of MetaWin Hack: Blockchain Investigator ZachXBT Collaborates with Platform to Trace Stolen Funds. For more information, please follow other related articles on the PHP Chinese website!