- CoinSpot, a major Australian crypto exchange, suffered a hack.
- The hack was facilitated through a compromised private key from CoinSpot’s hot wallet.
- Stolen funds were traced across multiple blockchains, involving 1,262 ether in two transactions on November 8.
Leading Australian cryptocurrency exchange CoinSpot was the victim of a hack resulting in over $2.4 million worth of ether being stolen, according to blockchain analysis.
The incident appears to have occurred via a compromised private key that enabled the hacker to withdraw funds from CoinSpot’s hot wallet. Analytics firms tracked the stolen funds as they were moved across multiple blockchains.
According to blockchain investigator ZachXBT, two transactions totaling 1,262 ether entered a suspicious wallet on November 8th. Cybersecurity company CertiK analyzed the activity and determined a CoinSpot hot wallet private key was likely compromised.
The recipient wallet then began transferring the ether across different blockchains in an apparent effort to obfuscate the money trail. Over 450 ether were swapped for bitcoin via Uniswap and Thorchain decentralized exchanges.
Hacked Bitcoin was split into smaller amounts
The hacked bitcoin was subsequently split into smaller amounts and sent to new wallets in a chain-hopping tactic commonly used by cybercriminals. This process spreads transactions across multiple addresses, making the stolen funds harder to track.
While the $2.4 million theft is minor compared to previous major crypto exchange hacks, the breach holds significance given CoinSpot’s standing in Australia.
Founded in 2013, CoinSpot serves over 2.5 million customers, according to its website. It is regulated by Australian financial crime watchdog AUSTRAC and received one of the country’s first digital currency exchange licenses.
The incident showcases that despite increased regulation, crypto platforms remain prone to security compromises like private key hacks. As adoption grows, hackers are likely to continue targeting exchanges holding customer funds.
It remains unclear if CoinSpot will cover user losses from the breach. The company had not publicly acknowledged the hack at the time of this writing. Many leading exchanges have insurance policies to protect user assets in the event of a successful attack.