Hackers targeted MetaWin’s hot wallets on both the Ethereum and Solana blockchains, taking advantage of what CEO Richard “Skel” Skelhorn described as a “frictionless withdrawal system.” This system, designed to streamline the user experience, instead exposed a vulnerability that the attackers exploited to drain the platform’s assets. 

In response, MetaWin quickly suspended all withdrawals to prevent further losses and reassured users that corrective action was underway. According to Skelhorn, the stolen funds were “topped off,” with the platform working hard to restore account balances. At the time of the latest update, 95% of users had their withdrawal capabilities restored, minimizing service interruptions for most players. However, the platform’s reputation has taken a hit, as the exploit highlights ongoing security challenges in the DeFi and crypto casino spaces, especially where user funds are at risk due to system vulnerabilities.

Blockchain investigator ZachXBT, renowned for tracking crypto thefts, collaborated with Skelhorn to trace the path of the stolen funds. His investigation revealed that the funds had been transferred to both Kucoin and a nested service on HitBTC, a sophisticated attempt to obfuscate the trail. Through his analysis, ZachXBT identified more than 115 addresses associated with the attacker, suggesting an organized operation and possibly even multiple individuals involved in executing the exploit. 

Source: ZachXBT

While the precise identity and motives of the hacker remain unknown, MetaWin has involved law enforcement and other investigative entities to pursue the case further. The platform’s decision to involve the authorities indicates a commitment to both recovering stolen assets and deterring future attacks. This move is especially crucial given the recent wave of crypto hacks, where platforms targeted through hot wallet vulnerabilities and advanced phishing tactics have struggled to secure meaningful cooperation with law enforcement.

In a message to the community posted on Discord, Skelhorn struck a pragmatic but defiant tone. “We’re not gonna dwell on it. It’s in the hands of the feds now, and we will make some internal adjustments to keep the players happy but the bad actors at bay,” he said on Discord. Later, he added a personal note, hinting at his own financial commitment to the recovery process: “I just emptied my piggy bank, we don’t dwell on it. We keep building.” 

This breach is only the latest in a series of crypto hacks targeting hot wallets and exchange protocols. In mid-October, Radiant Capital lost $58 million in a sophisticated exploit involving stolen private keys. Soon after, on October 30, a phishing attack compromised the widely used Lottie Player animation library, impacting platforms like 1inch and TEN Finance. More recently, M2 exchange suffered a $13 million breach under similar circumstances to MetaWin, with its hot wallets as the point of failure.

The MetaWin hack serves as a stark reminder of the risks inherent to hot wallet systems in DeFi and crypto applications, especially those involving real-time withdrawals. As platforms continue to balance usability with security, vulnerabilities like MetaWin’s will likely remain attractive targets for well-organized cybercriminals. With an increasing number of exploits hitting high-profile platforms, industry leaders may face growing pressure to prioritize cryptographic security and rigorous risk assessment—ensuring that “frictionless” user experiences don’t come at the cost of asset safety.