Australian Crypto Exchange CoinSpot Loses $2 Million in Ethereum Exploit

According to CryptoPotato, Australian cryptocurrency exchange CoinSpot may have suffered an exploit resulting in the loss of approximately $2 million worth of Ethereum (ETH). Blockchain investigator ZachXBT revealed the incident through his Telegram channel, raising concerns about the security of the exchange's hot wallets. On November 8, ZachXBT reported that two wallets associated with CoinSpot were drained of more than 1,282 ETH in just five minutes. The investigation uncovered two suspicious transactions entering the alleged hacker's wallet. The wallet owner then bridged the stolen funds to the Bitcoin (BTC) network using ThorChain and Wan Bridge. CertiK, a leading blockchain security firm, suggested that a possible compromise of a private key linked to at least one of CoinSpot's hot wallets was the likely cause of this exploit. In the first transaction, 1,262 ETH was transferred from CoinSpot's wallet to an address believed to be controlled by the attacker. A second transaction followed, with 20.99 ETH sent to the same destination. The recipient of these funds subsequently converted them into wrapped Bitcoin (WBTC), USDC, and USDT using various smart contracts on platforms such as Uniswap, THORchain, and WBTC. The stolen Bitcoin was then spread across four different wallet addresses, making it more challenging to trace the entirety of the stolen funds. CoinSpot, founded in 2014, had not experienced any significant hacks until this incident. However, in December 2021, the exchange's users were targeted in a phishing attack, highlighting the increasing threats faced by cryptocurrency platforms. As of now, CoinSpot has yet to issue an official response to the exploit, leaving questions about their plans to recover the lost funds unanswered.