Reports indicate that Australian cryptocurrency exchange CoinSpot recently fell victim to a security breach, wherein roughly $2 million (USD) in funds were stolen. The private key exploit was first accounted for on November 8, with large transactions of Ethereum ($ETH) tracked moving into an unidentified threat actor's wallet.
CoinSpot has not issued an official statement on the matter. Meanwhile, initial investigations reveal that unauthorized transfers of approximately 1,262 , valued around $2.4 million, were initiated from a CoinSpot hot wallet. The misappropriated assets were then routed via ThorChain and Wan Bridge to the Bitcoin (BTC) network. Following this, the stolen resources were exchanged for 24 Wrapped Bitcoin (WBTC) through Uniswap, and subsequently converted to Bitcoin and spread across four separate addresses.
, a globally recognized blockchain security firm, confirms that the breach took place swiftly. The attack vector suggests the threat actor's expertise in leveraging private key vulnerabilities and their thorough planning that enabled the rapid execution of the heist. Further study also indicates the hackers' methodological ploy to hinder tracking by splitting the stolen funds into smaller proportions and allocating them among various digital wallets.
For researchers and cybersecurity firms, untangling the intricate network of blockchain transactions presents numerous challenges, which get compounded with every new transaction, making the stolen funds more challenging to trace. This means that threat actors employ advanced blockchain forensics to unravel the sophisticated hack.
, which has been in operation since 2013, serves a substantial user base of approximately 2.5 million, with support for over 400 cryptocurrencies. The exchange ensures its operation under the rigorous guidelines set by the Australian financial regulatory institution, AUSTRAC.
