Crypto Exchange CoinSpot Reportedly Suffers $2.4 Million Hot Wallet Hack

November 8, 2023

Summary #

On November 8, 2023, the Australian crypto exchange, CoinSpot, experienced an attack on two of its hot wallets, resulting in more than $2.4 million in losses due to a private key leak. The recipient of these funds exchanged them using platforms THORchain and Wan Bridge before exchanging them for Bitcoin using Uniswap and spreading them into four wallets. The Australian financial authority, AUSTRAC, is actively addressing the security breach because the amount stolen is more than $10,000.

Attackers #

The attacker has yet to be identified. The stolen Ether was transferred into the following Bitcoin wallets.

Bc1qfsm2vhhurrq54w40z8vasjkfhxrvsvysjk9jug
Bc1qzl2s7ajehkpu9wdqewg5xqy8nzxv7njctvrqzx
Bc1q49d37gnmdu4p77n9j8c7ytrv30xrrue50r88lh
bc1qtj29wrm56r0lvhqufsju9pr0vakj8uwd38p4gj

Losses #

CoinSpot lost 1,262 ETH, worth $2,400,000 USD at the time of the attack. It is currently unknown if any additional wallets have been affected.

Timeline #

November 8, 2023, 06:16 PM UTC: Initial transactions take place.
November 8, 2023, 08:01 PM UTC: ZackLBT announces hack on Telegram.
November 9, 2023, 06:25 AM UTC: Cointelegraph posts the exploit on X suggesting the hack was due to a private key leak.
November 10, 2023, 03:29 PM UTC: The Financial Review confirms the funds have been reported stolen to Chainalysis.

Security Failure Causes #

The successful attack on CoinSpot, resulting in a $2 million theft, can be attributed to several fundamental security IT failures:

Private Key Exploitation: The attacker accessed CoinSpot’s funds by exploiting vulnerabilities associated with the private key of a hot wallet.
Lack of Effective Anomaly Detection: The system failed to detect unauthorized transactions in real-time, allowing the theft to occur without immediate detection.
Inadequate Asset Transfer Monitoring: The stolen funds were quickly moved and laundered through multiple exchanges and converted to Bitcoin, indicating a lack of monitoring and control over asset transfers.

Market Health Metrics API

Benford's Law

Volume distribution analysis

Time-of-Trade

Buy/Sell Ratio

VWAP

Attack Types

Entity Types

Target Entities

51% Attacks

Custodian Attacks

Flash Loan Attacks

Lockout Scams

Phishing Attacks

Reentrancy Attacks

Rug Pull Scam