CoinPoker Hot Wallet Third-party Vulnerability

From Quadriga Initiative Cryptocurrency Hacks, Scams, and Frauds Repository
Revision as of 12:03, 20 December 2024 by Azoundria

Notice: This page is a freshly imported case study from an original repository. While the original content had a similar format, some sections may not have been fully completed. Please help fill in any empty sections or any missing information you can find. If you are new here, please read General Tutorial on Wikis or Anatomy of a Case Study for help getting started.

Notice: This page contains sources which are not attributed to any text. The unattributed sources follow the initial description. Please assist by visiting each source, reviewing the content, and placing that reference next to any text it can be used to support. Feel free to add any information that you come across which isn't present already. Sources which don't contain any relevant information can be removed. Broken links can be replaced with versions from the Internet Archive. See General Tutorial on Wikis, Anatomy of a Case Study, and/or Citing Your Sources Guide for additional information. Thanks for your help!

CoinPoker Logo/Homepage

CoinPoker is an online poker/gambling site where players can play Poker against one another. Late on November 7th, 2024 (MST; early November 8th in UTC), a large unauthorized withdrawal occurred from their hot wallet. Withdrawals were paused for maintenance the next morning, the application itself was taken down for maintenance on November 11th, and the team sent the hacker an on-chain message on November 16th offering to negotiate a bounty. In response, it appears that the hacker decided to move the funds through TornadoCash starting the following day.[1][2][3][4][5][6][7]

About CoinPoker

"Join the No.1 Crypto Poker Site and Receive up to $2,000 Welcome Bonus! Instant withdrawals to your crypto wallet. 150% welcome bonus + 33% rakeback. Customer funds secure & visible on-chain"

The Reality

This section is included if a case involved deception or information that was unknown at the time. Examples include:

  • When the service was actually started (if different than the "official story").
  • Who actually ran a service and their own personal history.
  • How the service was structured behind the scenes. (For example, there was no "trading bot".)
  • Details of what audits reported and how vulnerabilities were missed during auditing.

What Happened

"On November 8, a hacker breached the CoinPoker’s hot wallet, resulting in the unauthorized draining of approximately $2M USD."

Key Event Timeline - CoinPoker Hot Wallet Third-party Vulnerability

Date | Event | Description
November 7th, 2024 11:01:35 PM MST | First Transfer To Thief | The first transfer to the thief address, based on the wallet address named in CoinPoker's on-chain message.
November 8th, 2024 4:01:00 AM MST | Withdrawals Under Maintenance | The CoinPoker team announces that the withdrawals system is presently undergoing maintenance.
November 8th, 2024 12:55:00 PM MST | Withdrawals Back Online | The CoinPoker team announces that the withdrawal system is now back online.
November 11th, 2024 8:36:00 AM MST | Application Under Maintenance | The application is currently unavailable for some "necessary maintenance".
November 16th, 2024 4:27:11 AM MST | Blockchain Direct Message | The CoinPoker team reaches out to the attacker on the blockchain, willing to negotiate a potential bounty for the safe return of the funds.
November 17th, 2024 12:57:35 AM MST | TornadoCash Depositing | The funds start to be deposited into TornadoCash.
November 18th, 2024 3:23:00 AM MST | CyversAlert Tweeting | CyversAlert tweets about the incident.
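The timeline shows roughly five hours between the first transfer to the thief and withdrawals being paused, and the CyversAlert report notes that the drain ran across BNB Chain, Ethereum and Polygon. The following is an added example, not part of the original case study and not CoinPoker's or Cyvers' monitoring code: a minimal hot-wallet outflow monitor that flags a single oversized payout, payout velocity over a sliding window pooled across chains, and one recipient address collecting from the operator on more than one chain (the same EVM address is valid on all three networks, so a cross-chain drain correlates on the recipient). The hot-wallet address is the one CoinPoker named in its on-chain message; the thresholds, timestamps, transaction hashes, recipient addresses and amounts are constructed for illustration, and the generalization to cross-chain correlation goes beyond what the page itself describes.

```python
"""Hot-wallet outflow monitor (added example with constructed data)."""
from collections import defaultdict, deque
from datetime import datetime, timezone

# Hot-wallet address named in CoinPoker's on-chain message, case-normalised.
HOT_WALLETS = {"0x3c1727c283370e476a63768c7cab843b8bd63130"}

# Hypothetical policy thresholds; a real deployment derives them from the
# wallet's historical payout profile and the product's maximum withdrawal.
SINGLE_TX_LIMIT_USD = 50_000
WINDOW_SECONDS = 60 * 60
WINDOW_LIMIT_USD = 150_000

# Constructed sample transfers (not real on-chain data). Amounts are stablecoin
# values in USD; the attacker address is a placeholder, not a real address.
CONSTRUCTED_ATTACKER = "0x" + "a" * 40
HOT = "0x3c1727C283370e476a63768C7cAb843B8bd63130"
SAMPLE_TRANSFERS = [
    {"chain": "ethereum", "ts": "2024-11-08T05:10:00", "tx": "0x01", "sender": HOT, "recipient": "0x" + "1" * 40, "usd": 1_200},
    {"chain": "polygon",  "ts": "2024-11-08T05:40:00", "tx": "0x02", "sender": HOT, "recipient": "0x" + "2" * 40, "usd": 300},
    {"chain": "ethereum", "ts": "2024-11-08T06:01:35", "tx": "0x03", "sender": HOT, "recipient": CONSTRUCTED_ATTACKER, "usd": 700_000},
    {"chain": "bnb",      "ts": "2024-11-08T06:05:00", "tx": "0x04", "sender": HOT, "recipient": CONSTRUCTED_ATTACKER, "usd": 650_000},
    {"chain": "polygon",  "ts": "2024-11-08T06:09:00", "tx": "0x05", "sender": HOT, "recipient": CONSTRUCTED_ATTACKER, "usd": 650_000},
    # Not from a monitored wallet: ignored by the monitor.
    {"chain": "ethereum", "ts": "2024-11-08T06:12:00", "tx": "0x06", "sender": "0x" + "9" * 40, "recipient": CONSTRUCTED_ATTACKER, "usd": 10},
]


def parse_ts(s):
    """ISO-8601 timestamp (UTC, no offset) -> epoch seconds."""
    return int(datetime.fromisoformat(s).replace(tzinfo=timezone.utc).timestamp())


def monitor(transfers):
    """Return (rule, chain, tx, detail) alerts for outflows from monitored hot wallets.

    Each transfer is a dict with chain, ts (ISO UTC), tx, sender, recipient, usd.
    Transfers are processed in time order so the sliding window is well defined.
    """
    alerts = []
    window = defaultdict(deque)            # sender -> deque of (ts, usd) inside the window
    window_sum = defaultdict(float)        # sender -> USD paid out inside the window
    chains_by_recipient = defaultdict(set) # recipient -> chains it was paid on
    cross_chain_reported = set()

    for t in sorted(transfers, key=lambda t: parse_ts(t["ts"])):
        sender = t["sender"].lower()
        if sender not in HOT_WALLETS:
            continue
        ts, usd = parse_ts(t["ts"]), float(t["usd"])
        recipient = t["recipient"].lower()

        # Rule 1: a single payout larger than the product ever legitimately issues.
        if usd > SINGLE_TX_LIMIT_USD:
            alerts.append(("single_tx_over_limit", t["chain"], t["tx"], f"{usd:,.0f} USD"))

        # Rule 2: payout velocity per hot wallet, all chains pooled into one window.
        q = window[sender]
        q.append((ts, usd))
        window_sum[sender] += usd
        while q and q[0][0] < ts - WINDOW_SECONDS:
            window_sum[sender] -= q.popleft()[1]
        if window_sum[sender] > WINDOW_LIMIT_USD:
            alerts.append(("window_over_limit", t["chain"], t["tx"],
                           f"{window_sum[sender]:,.0f} USD in {WINDOW_SECONDS}s"))

        # Rule 3: the same recipient collecting from the operator on several chains.
        chains_by_recipient[recipient].add(t["chain"])
        if len(chains_by_recipient[recipient]) > 1 and recipient not in cross_chain_reported:
            cross_chain_reported.add(recipient)
            alerts.append(("cross_chain_same_recipient", t["chain"], t["tx"], recipient))
    return alerts


if __name__ == "__main__":
    for rule, chain, tx, detail in monitor(SAMPLE_TRANSFERS):
        print(f"{rule:28} {chain:9} {tx:6} {detail}")
```

On the constructed data the first alert fires on the first attacker transfer (tx 0x03), both because it exceeds the single-payout limit and because it blows through the hourly window; the cross-chain rule adds a second, independent signal once the same address is paid on a second network. Whether any of this could have stopped the drain depends on the hot wallet's signing setup, which the page does not document; the monitor only shortens detection.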

Technical Details

"The attack spanned across multiple blockchain networks, including BNB Chain, Ethereum, and Polygon networks."

Total Amount Lost

The total amount lost has been estimated at $2,000,000 USD.

How much was lost and how was it calculated? If there are conflicting reports, which are accurate and where does the discrepancy lie?

Immediate Reactions

"Hey everyone! Just a quick heads-up: our withdrawal feature is taking a little break for some maintenance. We’re on it and expect to have it back up and running soon! Depositing remains available. Thanks for your understanding and patience!"

"Good news all, Withdrawals are working again! Happy Friday :)"

"ALERT! Our system recently flagged multiple hack transactions involving @CoinPoker_OFF across the #Bnb, #Ethereum, and #Polygon chains. It appears that an unauthorized address gained control of CoinPoker's hot wallet. The attacker transferred around $2M $USDT, swapped it into native currencies on various chains, and then funneled the funds through @TornadoCash. The transaction patterns suggest that CoinPoker's hot wallet has utilized a custodian service with a specific policy in place!"

Ultimate Outcome

"To the individual responsible for the recent exploit: We are aware of the activity involving funds stolen from the wallet address 0x3c1727C283370e476a63768C7cAb843B8bd63130. This message is from CoinPoker to confirm its authenticity. We seek to establish secure communication to address this matter constructively. If you are open to a resolution, please respond via email to incident.response@coinpoker.com We are willing to discuss terms, including a potential bounty, for the safe return of the funds."

"Later, [the attacker] funneled through Tornado Cash to obscure the trail and to launder the funds."

Total Amount Recovered

There do not appear to have been any funds recovered in this case.

What funds were recovered? What funds were reimbursed for those affected users?

Ongoing Developments

What parts of this case are still remaining to be concluded?

Individual Prevention Policies

No specific policies for individual prevention have yet been identified in this case.

For the full list of how to protect your funds as an individual, check our Prevention Policies for Individuals guide.

Platform Prevention Policies

Policies for platforms to take to prevent this situation have not yet been selected in this case.

For the full list of how to protect your funds as a financial service, check our Prevention Policies for Platforms guide.

Regulatory Prevention Policies

No specific regulatory policies have yet been identified in this case.

For the full list of regulatory policies that can prevent loss, check our Prevention Policies for Regulators guide.

References

  1. CoinPoker exploited for $2 million (Accessed Dec 11, 2024)
  2. @CyversAlerts Twitter (Accessed Dec 11, 2024)
  3. Ethereum Transaction Hash (Txhash) Details | Etherscan (Accessed Dec 11, 2024)
  4. Ethereum Transaction Hash (Txhash) Details | Etherscan (Accessed Dec 11, 2024)
  5. @CoinPoker_OFF Twitter (Accessed Dec 11, 2024)
  6. @CoinPoker_OFF Twitter (Accessed Dec 11, 2024)
  7. Archived tweet – Web3 is Going Just Great (Accessed Dec 11, 2024)