CoinSpot

On November 8, 2023, CoinSpot, Australia’s largest cryptocurrency exchange, was hit by a hack that drained 1,282 ETH ($2.4 million) from its hot wallets, as uncovered by blockchain sleuth ZachXBT on Telegram, per CoinMarketCap. Detected at 02:00 UTC, the breach, likely due to a private key compromise, saw two transactions—1,262 ETH and 20.99 ETH—sent to the attacker’s wallet (0x326…), per Etherscan.

The hacker swiftly swapped 450 ETH for 24 WBTC via Uniswap and 831 ETH for Bitcoin via THORChain, dispersing the BTC across four wallets to obscure tracking, per BTCScan. CoinSpot, with 2.5 million users and $200 million daily trading volume per CoinMarketCap, remained silent, neither confirming nor denying the hack, despite its AUSTRAC regulation, per the article.

No funds were recovered, but CoinSpot assured users their assets were secure, continuing operations while bolstering security with cybersecurity experts, per Cointelegraph.

Like Coins.ph’s $6 million XRP theft, this incident exposes hot wallet risks. CoinSpot’s muted response left users in the dark, a stark contrast to its “secure” branding, reminding the crypto world that even giants can stumble when keys fall into the wrong hands.