Australian exchange CoinSpot reportedly hacked for $2m

A blockchain analyst under the pseudonym ZachXBT reported suspicious transactions from the wallets of the Australian exchange CoinSpot totaling $2 million.

In his Telegram channel, blockchain detective ZachXBT pointed out two transactions. First, the attackers withdrew 1,262 Ethereum (ETH) and then another 20.99 ETH.

The stolen funds were exchanged for Wrapped Bitcoins (WBTC) and stablecoins USDC and USDT. To do this, the attackers directly used the decentralized exchange Uniswap, the THORChain protocol, and the WBTC smart contract.

CoinSpot exchange was founded in 2014, and so far, no incidents related to information security have been recorded on it. At the moment, representatives of the site have not confirmed the hack. The company’s website emphasizes that CoinSpot “maintains the highest security standards by storing the majority of assets in a cold wallet.”

In October, hackers managed to exploit vulnerabilities in the decentralized Onyx Protocol. They stole assets worth over $2 million.

Analysts say the attacker drained Onyx’s liquidity by exploiting a vulnerability in the protocol’s code base known as loss of precision. Specifically, the exploit was implemented using integer rounding facilitated by flash credit.