The blockchain-based poker platform, CoinPoker, recently faced a serious security breach when its hot wallet was hacked on November 8th. This breach resulted in the loss of nearly 2000 ETH, valued at approximately 2 million USD. The sophisticated attack targeted the wallets by bypassing existing security measures and funneled the funds through multiple transactions. The assault affected major blockchain networks, including Ethereum, Binance Smart Chain (BSC), and Polygon, showcasing the vulnerability of digital wallets.
Flight of the Attack
According to a detailed report by Cyvers alerts, the breach began with a strategic $10,000 USDT transfer on the Ethereum network, likely as a test to gauge the system’s vulnerability. The hacker’s strategy involved 82 rapid transactions within a span of 50 minutes, each transaction staying under the $25,000 mark. This calculated approach made it challenging to detect the suspicious activity immediately, while steadily depleting the wallet’s resources.
The stolen Ethereum and Polygon assets were laundered through Tornado Cash, a popular mixing service, whereas the BSC funds were directly deposited into the mixer. By breaking down the transactions into smaller amounts and utilizing Tornado Cash, the attacker managed to obscure the trail, making the stolen assets almost impossible to trace.
CoinPoker’s Security and Custodial Challenges
CoinPoker employs robust custody solutions like Fireblocks, which focuses on stringent security measures, including multi-party computation (MPC) and Proof of Reserves. Despite these precautions, the recent incident highlighted gaps in the platform’s security framework. Whether Fireblocks managed the compromised wallet or another solution was in place, the breach underscores the urgent need for more proactive and dynamic security protocols.
The attack serves as a stark reminder of the necessity for implementing comprehensive access controls and continuous monitoring solutions for hot wallets. By employing strategies such as incremental transfers and sophisticated laundering techniques, the hacker rendered the stolen funds practically undetectable and irretrievable.
This incident is a crucial wake-up call for the crypto community to enhance wallet security and adopt a more vigilant approach towards custodial services. The need for improving cybersecurity measures and ensuring robust protection against such attacks cannot be overstated.
