The online casino MetaWin got hacked on November 3, losing around $4 million in the process. The CEO, Skel, mentioned that they’ve already covered the lost funds since the attack happened.
The hacker got into MetaWin’s hot wallets using a flaw in the easy withdrawal system, forcing the platform to stop withdrawals. Even so, the CEO said that 95% of customers could already withdraw their funds at the time of the update.
Crypto Hacks: Common Methods and Vulnerabilities
Hacks in the crypto world can happen in several ways, and they are often a result of vulnerabilities in the technology, poor security practices, or clever exploitation by hackers. Here’s a simple breakdown of how a hack can occur in the crypto space:
1. Smart Contract Vulnerabilities
- What is it? A smart contract is a piece of code on the blockchain that automatically executes certain actions when specific conditions are met. Many DeFi (Decentralized Finance) platforms and crypto projects run on smart contracts.
- How a Hack Happens: If there is a bug or vulnerability in the smart contract code, hackers can exploit it to drain funds or manipulate the contract in unexpected ways. For example, the infamous DAO hack in 2016 exploited a vulnerability in a smart contract, allowing the hacker to drain millions of dollars worth of Ethereum.
2. Phishing Attacks
- What is it? Phishing is when hackers trick people into giving away sensitive information, like private keys or login credentials, by pretending to be a legitimate entity.
- How a Hack Happens: Hackers send fake emails, create fake websites, or impersonate companies on social media to lure people into revealing their wallet details or passwords. Once they have access, they can steal funds from the victim’s crypto wallet.
3. Exchange Hacks
- What is it? Crypto exchanges are platforms where people trade cryptocurrencies. They often hold large amounts of funds in both crypto and fiat currencies.
- How a Hack Happens: If an exchange doesn’t have strong security measures, hackers can breach their systems and gain access to the funds stored on the platform. This can happen through vulnerabilities in the exchange’s code, weak security protocols, or even insider attacks.
4. Wallet Hacks
- What is it? Crypto wallets store your private keys, which are needed to access and manage your cryptocurrency.
- How a Hack Happens: If a wallet has weak security (for example, it’s not properly encrypted or it’s installed on a compromised device), hackers can gain access to your private keys and steal your funds. This is why using hardware wallets or wallets with strong security features is essential.
5. DNS Hijacking
- What is it? Domain Name System (DNS) hijacking is when hackers redirect traffic from a legitimate website to a fake one.
- How a Hack Happens: If a hacker gains control of the DNS settings of a crypto service or exchange, they can redirect users to a fake version of the site. When users login or perform transactions, hackers can steal their information or redirect their funds.
6. 51% Attacks
- What is it? A 51% attack occurs when a group of miners controls more than 50% of a blockchain network’s mining power or hash rate.
- How a Hack Happens: In this case, the attackers can double-spend coins, stop transactions from being confirmed, or even reverse completed transactions. While difficult and expensive to execute on major blockchains like Bitcoin or Ethereum, smaller blockchains are more vulnerable.
7. Rug Pulls
- What is it? A rug pull is when the developers of a crypto project suddenly abandon it and run off with investors’ funds.
- How a Hack Happens: Developers create a seemingly legitimate project and attract investments. Once a large amount of money is invested, they “pull the rug” by draining the funds and disappearing, leaving investors with worthless tokens.
8. Malware and Keyloggers
- What is it? Malware is malicious software designed to steal information or disrupt computer operations.
- How a Hack Happens: If a hacker manages to infect a victim’s device with malware or a keylogger, they can monitor keystrokes and steal private keys or wallet passwords. Always be cautious when downloading files or clicking on suspicious links.
9. Social Engineering Attacks
- What is it? Social engineering is when hackers trick or manipulate people into giving up sensitive information.
- How a Hack Happens: This can happen in various ways, like posing as customer support agents, creating fake urgent alerts, or even building trust over time before asking for wallet details.
The Online Casino Platform Metawin Got Hacked
The online casino MetaWin got hacked on November 3, losing around $4 million in the process. The CEO, Skel, mentioned that they’ve already covered the lost funds since the attack happened.
The hacker got into MetaWin’s hot wallets using a flaw in the easy withdrawal system, forcing the platform to stop withdrawals. Even so, the CEO said that 95% of customers could already withdraw their funds at the time of the update.
Crypto investigator ZackXBT found that the hacker transferred the stolen money to Kucoin and a HitBTC nested service. He even tracked down more than 115 wallet addresses tied to the hacker.
As of now, no one knows who the hacker is or why they did it. Cointelegraph tried to get a comment from MetaWin, but there was no response before the report was released.
While MetaWin had to pause withdrawals for a bit, they’re now back up, according to an update from Skelhorn on Discord. Skelhorn also mentioned they’ve already reported the whole situation to the authorities.
“We’re not gonna stress over it. The feds are handling it now, and we’ll make some internal tweaks to keep our players happy and keep the bad guys away,” Skelhorn said.
Earlier, he hinted that he covered the losses from the hack, saying, “I just broke open my piggy bank, but we’re not gonna dwell on it. We keep moving forward and building.”
The MetaWin hack is just the latest in a series of crypto security breaches. Back on October 16, Radiant Capital, a lending platform, got hit hard, losing $58 million.
A hacker managed to get hold of several private keys needed to approve transactions from Radiant’s multi-signature wallet.
Once the attacker had those keys, they gained control over Radiant’s smart contracts on both the BNB Chain and the Arbitrum network. This lets them transfer all the funds to their account.
Editor: Lydicius
