QUADRIGA INITIATIVE
CRYPTO WATCHDOG & FRAUD RECOVERY PLATFORM
A COMMUNITY-BASED, NOT-FOR-PROFIT
$4 400 000 USD
NOVEMBER 2024
GLOBAL
METAWIN
DESCRIPTION OF EVENTS

"Welcome to Winning in Web3! Connect your Web3 wallet to enjoy… Super fast winnings! No pesky human interactions or wagering of deposits. Secure, Transparent on-chain instant prize draws."
"An exploiter managed to steal a significant amount of tokens from crypto casino Metawin's Ethereum and Solana hot wallets by exploiting the protocol's "frictionless withdrawal system," Metawin CEO Richard "Skel" Skelhorn announced early on Sunday."
"According to on-chain detective ZachXBT, the cryptocurrency gambling platform MetaWin was reportedly attacked, resulting in the theft of over $4 million on the Ethereum and Solana blockchains."
"Blockchain sleuth ZachXBT, alongside Skelhorn, pegged the amount stolen to over $4 million with 115 theft addresses tied to the exploit, implying some level of technical competence on the part of the hacker. "So far the stolen funds have been transferred to Kucoin and a HitBTC nested service," ZachXBT noted."
"Metawin has restored access, backfilled the stolen funds, and contacted law enforcement, according to its CEO."
"While Metawin's withdrawals were temporarily disabled, they've since been re-enabled according to an update from Skelhorn on Discord. Skelhorn also noted that the authorities had been contacted."
"Hey guys... Today we experienced an attack where an exploiter was able to withdraw a significant amount from our hot wallets by taking advantage of our frictionless withdrawal system. We temporarily paused withdrawals to assess and secure our systems. Now, withdrawals have been re-enabled for 95% of users, with final checks underway for the remaining accounts. We're in the process of topping up wallet balances now. We'll also be implementing additional security controls for new users, while also exploring ways to maintain a flexible and seamless experience for our trusted community. In short, today we faced a challenge, but we're learning from it and will emerge stronger. Apologies for the temporary pause, everything will be back to normal within the hour."
"We’re not gonna dwell on it. It’s in the hands of the feds now and we will make some internal adjustments to keep the players happy but the bad actors at bay," Skelhorn's update states. In an earlier message, Skelhorn implied he covered for the hack with own funds, writing, "I just emptied my piggy bank, we don’t dwell on it. We keep building."
MetaWin is an online casino with support for both Ethereum and Solana. On November 3rd, their frictionless hot waller system was exploited and used to withdraw $4.4m worth of cryptocurrency. The MetaWin CEO has replenished the funds from his own personal savings, performed a security assessment and upgrade, and vowed that the platform will continue to operate.
ZachXBT:加密博彩平台Metawin疑遭攻击损失超400万美元_快讯-odaily (Dec 9)
ZachXBT: The crypto gambling platform Metawin is suspected to have been hacked, resulting in losses exceeding 4 million dollars - ChainCatcher (Dec 9)
Crypto Casino Platform MetaWin Hacked - Brave New Coin (Dec 9)
Cryptohack Roundup: M2, Metawin Exploits - BankInfoSecurity (Dec 9)
https://www.theblock.co/post/324251/crypto-casino-metawin-loses-4-million-to-exploit-of-ethereum-solana-hot-wallets (Dec 9)
ZachXBT's report on Chainabuse: Hack - Other (Dec 9)
Telegram: Contact @investigations (Dec 9)
Discord (Dec 9)
Online Casino MetaWin hacked for $4 million — ZackXBT — TradingView News (Dec 9)
Lessons from the MetaWin Hack: Balancing Convenience and Security in Crypto - OneSafe Blog (Dec 9)
El Dorado P2P Lessons from the Metawin Hack: Securing Crypto Platforms (Dec 9)
Explained: The MetaWin Hack (November 2024) (Dec 9)
MetaWin Suffers $4M Hot Wallet Exploit, Recovers Withdrawals for Most Users - BitcoinWorld (Dec 9)
Next-Gen Solana Explorer (Dec 9)
