Metawin

Quick Summary

On November 3, 2024, MetaWin, a prominent online crypto casino, suffered a security breach that resulted in the loss of
approximately $4 million. 




Details of the Exploit

The breach at MetaWin exploited the platform’s instant withdrawal mechanism, which was designed for seamless and rapid
transactions. This "frictionless" system inadvertently allowed a hacker to bypass traditional security checks, gaining access to
the casino’s Ethereum and Solana hot wallets. Hot wallets, which remain online for quick transaction processing, are inherently
more vulnerable, and this became the critical entry point for the attack.




Upon detecting the intrusion, MetaWin swiftly disabled withdrawals to secure the system. However, the damage was already done,
with over $4 million drained from the platform. The hacker’s method involved targeting addresses directly linked to the withdrawal
system, using a sophisticated approach that leveraged over 115 addresses. Blockchain expert ZachXBT collaborated with MetaWin to
trace the stolen assets, revealing that the hacker funneled the funds through KuCoin and HitBTC, platforms often utilized for
obfuscating the origin of stolen funds.