CoinPoker Loses $2 Million in 2000 ETH Hot Wallet Hack


The hot wallet of the blockchain-based poker platform CoinPoker was hacked on 8th November, causing the loss of nearly 2000 ETH, or around 2 million USD. The attack targeted wallets, or access to a wallet, bypassing wallet safeguards and funnelling money through multiple transactions in an organized manner across Ethereum, BSC, and Polygon.

Flow of the Attack

According to the comprehensive report by Cyvers Alerts, the hack started with a $10K USDT transfer on Ethereum, possibly to test the system's susceptibility. Custodial policies limiting the amount per transfer were evident: the hacker made 82 transactions within 50 minutes of the attack, all with values not exceeding $25,000. This approach made the activity difficult to detect immediately while steadily draining the wallet.

The amounts bridged on Ethereum and Polygon were laundered through Tornado Cash, whereas the BSC funds were deposited directly into the mixer. The attacker split transactions into small sizes and used Tornado Cash so that the stolen assets would be almost untraceable.

CoinPoker’s Security and Custodial Challenges

The platform uses custody solutions such as Fireblocks and prioritizes security measures including multi-party computation (MPC) and Proof of Reserves. Nonetheless, the event exposed deficiencies in custody security. Whether the hacked wallet was managed with Fireblocks or another solution, it is clear that the problem requires more proactive protection.

The attack shows that proper access controls and monitoring solutions should be applied to hot wallets. Through tactics like incremental transfers and refined laundering methods, the funds became practically impossible to trace and recover.
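The pattern reported above (82 transfers in 50 minutes, each at or below $25,000) passes a per-transfer cap but not a rolling-window limit on cumulative outflow and transfer count. The following is an added example, not code from CoinPoker, Cyvers or Fireblocks; the thresholds, the `Transfer` record and the sample data are constructed assumptions.

```python
from collections import deque
from dataclasses import dataclass

# Hypothetical policy values for illustration; tune to real wallet traffic.
PER_TX_CAP_USD = 25_000    # per-transfer ceiling seen in the incident
WINDOW_SECONDS = 15 * 60   # rolling window length (assumed)
WINDOW_CAP_USD = 100_000   # cumulative outflow allowed per window (assumed)
WINDOW_MAX_COUNT = 10      # transfers allowed per window (assumed)

@dataclass
class Transfer:
    ts: int      # seconds since epoch
    chain: str   # "ethereum", "bsc", "polygon"
    usd: float   # value of the outgoing transfer in USD

def per_tx_rule(transfers):
    """Baseline: flag only transfers above the per-transfer cap."""
    return [t for t in transfers if t.usd > PER_TX_CAP_USD]

def windowed_rule(transfers):
    """Flag transfers that push one hot wallet past its rolling-window limits."""
    # All chains share one window, so spreading a drain across chains
    # does not reset the counters.
    window, total, alerts = deque(), 0.0, []
    for t in sorted(transfers, key=lambda x: x.ts):
        # Evict transfers that have aged out of the rolling window.
        while window and t.ts - window[0].ts >= WINDOW_SECONDS:
            total -= window.popleft().usd
        window.append(t)
        total += t.usd
        if t.usd > PER_TX_CAP_USD:
            alerts.append((t, "per-transfer cap exceeded"))
        elif total > WINDOW_CAP_USD:
            alerts.append((t, "cumulative window cap exceeded"))
        elif len(window) > WINDOW_MAX_COUNT:
            alerts.append((t, "transfer velocity exceeded"))
    return alerts

def constructed_drain():
    """Constructed sample: 82 transfers of $24,000 spread over 50 minutes."""
    chains = ("ethereum", "bsc", "polygon")
    step = (50 * 60) // 82  # one transfer every 36 seconds
    return [Transfer(1_700_000_000 + i * step, chains[i % 3], 24_000.0)
            for i in range(82)]

if __name__ == "__main__":
    drain = constructed_drain()
    print("per-transfer rule alerts:", len(per_tx_rule(drain)))
    alerts = windowed_rule(drain)
    print("windowed rule alerts:", len(alerts), "first:", alerts[0][1])
```

In a custody policy engine the same condition would hold or reject the transfer pending review rather than only raise an alert.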

The CoinPoker hack is an excellent reminder to the crypto community of the importance of improving wallet security and taking a more careful approach to the work of custodians.


