Crypto casino Metawin hacked, $4 million stolen in ETH and SOL.
Metawin, a crypto casino, was exploited today by a hacker and lost more than $4 million in Ethereum (ETH) and Solana (SOL).
Over 115 Addresses were linked to the hacker, who then moved the stolen funds to KuCoin and a nested service on HitBTC.
This latest hack adds to a string of high-profile thefts that have plagued the DeFi sector, making October one of the worst months for crypto security breaches.
The month saw 20 reported crypto attacks, causing a combined loss of around $88.47 million, highlighting ongoing vulnerabilities in the decentralized finance (DeFi) space.
Radiant Capital experienced October’s worst single hack. On October 17, attackers exploited weak points in Radiant’s smart contracts, swiping $53 million.
Using cross-chain protocols, hackers and bridged the stolen assets to Ethereum, making the theft difficult to trace. Radiant’s massive breach added fuel to concerns over DeFi’s cross-chain vulnerabilities.
A wallet linked to the U.S. government, saw an unusual incident. Hackers compromised the wallet, snatching about $20 million.
Strangely, most of the funds were returned, though around $700,000 remains missing. It’s not every day that a government-controlled wallet gets hacked, adding a bizarre twist to October’s crime spree.
EigenLayer, a liquid staking network, faced its own mess earlier in the month. On October 4, attackers looted $5.7 million, which was quickly laundered through exchanges like HitBTC and Bybit. This breach underscored the persistent weaknesses in staking and liquidity protocols.
The Tapioca Foundation, another DeFi platform, suffered a major loss. Hackers targeted its token vesting contract using social engineering tactics, managing to steal $4.7 million.
Sunray Finance, lost $2.86 million. Attackers manipulated token values on the Arbitrum chain, causing Sunray’s SUN token to nosedive. Another stark reminder of how fragile DeFi platforms can be, especially when attackers play with token values directly.
As of November 2024, total losses from crypto hacks have hit over $1.4 billion, spanning 179 incidents. Although this year has seen fewer individual attacks than in past years, the average loss per hack is climbing. The stakes are higher, and the attacks keep getting bolder and costlier.
In Q3 alone, hackers stole around $750 million across 155 incidents. That’s fewer attacks but larger hauls. Each hack averaged a staggering $5.93 million in stolen assets, with a median loss of around $120,529.
Phishing attacks remain a go-to method. During Q3, phishing was behind $343 million in losses across 65 incidents. Hackers often trick users into handing over their keys or clicking malicious links, and the results are predictable and devastating.
Another classic is private key compromises. These attacks caused around $317 million in losses from just ten incidents. Poor key management remains a glaring issue in crypto. If you hold the keys, you hold the money—and hackers know it.
Other techniques like code vulnerabilities and re-entrancy exploits keep popping up too. These methods exploit flaws in smart contract code, allowing hackers to drain funds by initiating multiple contract calls in a single transaction. It’s been a favorite trick for years, and it’s still working.