Online Cryptocurrency Casino Hacked to the Tune of $4 Million
An offshore cryptocurrency casino was reportedly hacked just this week. Metawin, an online casino platform dealing only in cryptocurrency that offers slots, live casino games, and more, announced that it was hacked through its frictionless withdrawal system via its 'hot wallets.'
An online gaming platform specializing in cryptocurrency transactions, MetaWin, fell victim to a sophisticated cyberattack this week, costing the platform $4 million in funds. The company's Chief Executive Officer, Richard Skelhorn, confirmed the breach after blockchain investigator ZachXBT uncovered the exploit on a blockchain Telegram channel.
MetaWin, an offshore gaming site, offers an array of services, including interactive slots, instant-win games, live dealer games like blackjack and poker, and nonfungible token or NFT raffles. The platform also hosts daily and weekly 'betting races' which reward players based on the volume of their bets, with top weekly prizes reaching up to $40,000. Although the online casino is headquartered in London, it operates offshore through a license issued by Anjouan, an island nation located off Africa's southeastern coast. MetaWin does not hold a license to operate in the United States.
Despite its offshore status, MetaWin has attracted a substantial following, though regulators frequently caution against the risks associated with unlicensed platforms. Regulators warn that such sites often lack consumer protections, leaving players vulnerable to financial losses if security measures fail.
Details of the hack: $4 million in crypto stolen
The breach reportedly targeted MetaWin's "hot wallets" - cryptocurrency wallets connected to the internet to facilitate transactions. Hot wallets, while efficient for frequent transfers, are more vulnerable to hacking than "cold wallets," which store digital currency offline, providing greater security against cyber threats.
ZachXBT's analysis revealed that the attackers exploited MetaWin's frictionless withdrawal system, enabling them to drain approximately $4 million from the platform's hot wallets. Once seized, the stolen funds were quickly moved to cryptocurrency exchanges HitBTC and KuCoin, where they were nested in a cold wallet to evade detection. ZachXBT tracked over 115 addresses linked to the hackers, highlighting the scale and sophistication of the attack.
Reacting swiftly, Skelhorn addressed the incident in a statement on November 3, confirming the breach and outlining plans to increase security. "Today, we experienced an attack where an exploiter was able to withdraw a significant amount from our hot wallets by taking advantage of our frictionless withdrawal system," Skelhorn said. "We'll be implementing additional security controls for new users, while also exploring ways to maintain a flexible and seamless experience for our trusted community."
In response to the loss, Skelhorn has committed to covering the $4 million shortfall himself. "In short, today we faced a challenge, but we're learning from it and will emerge stronger," he stated, assuring affected users that their funds would be restored.
Mastering the iGaming industry
Skelhorn's experience in the digital gaming and marketing industry is extensive. He founded Atemi Group in 2015, a company specializing in social media advertising and lead generation in iGaming. Atemi's success in directing traffic and new customers to online casinos and sportsbooks attracted the attention of Better Collective, a Danish media firm, which acquired Atemi for around $48 million in 2020. Atemi's success was significant: in 2020 alone, the company directed over 180,000 new depositing customers to its global partners.
Better Collective, which owns prominent brands like The Action Network, VegasInsider, and SportsHandle, continues to benefit from Atemi's established reputation and marketing prowess. Skelhorn's experience and resources have been instrumental in MetaWin's success, but the recent cyberattack shows the ongoing challenges facing online casinos reliant on cryptocurrency.
Ongoing risks in offshore gaming
MetaWin's breach reinforces concerns from regulators about the risks associated with unlicensed gaming sites, especially those dealing in cryptocurrency. Players are often drawn to offshore casinos by the promise of anonymity and ease of access, but the recent hack demonstrates the potential dangers of trusting unregulated platforms.
As online gaming and digital assets converge, the MetaWin incident could prompt further discussions on tightening cybersecurity regulations for offshore platforms. For now, Skelhorn's handling of the breach may offer a temporary reprieve for MetaWin, but the long-term implications remain uncertain.