The online cryptocurrency casino MetaWin fell victim to a devastating security breach on November 3, 2024, with attackers siphoning approximately $4 million from the platform’s hot wallets. The incident, which blockchain investigator ZachXBT publicly disclosed, exposed critical weaknesses in MetaWin’s so-called frictionless withdrawal mechanism — a feature designed for speed that ultimately became the attackers’ primary entry point.
The Exploit Mechanics
The attacker exploited MetaWin’s streamlined withdrawal infrastructure, which had been optimized for near-instantaneous transactions across both Ethereum (ETH) and Solana (SOL) networks. By targeting the platform’s hot wallets — digital wallets connected to the internet for real-time transaction processing — the malicious actor drained funds before the security team could detect the anomaly. ZachXBT identified 115 distinct wallet addresses connected to the attack, tracing the movement of stolen assets through KuCoin exchange and a nested service operating on HitBTC. These funneling techniques represent classic laundering patterns that complicate fund recovery efforts.
With Bitcoin trading at approximately $67,800 and Ethereum hovering around $2,397 at the time of the attack, the $4 million loss represented a significant blow to the relatively small platform. The attacker’s ability to access both ETH and SOL wallets simultaneously suggests a systemic vulnerability rather than an isolated point of failure.
Affected Systems
The breach impacted MetaWin’s core hot wallet infrastructure across two major blockchain networks. The platform’s Ethereum hot wallet and Solana hot wallet were both compromised, indicating that the vulnerability likely existed in the shared withdrawal processing layer rather than in network-specific implementations. MetaWin CEO Richard “Skel” Skelhorn confirmed the breach and immediately suspended all withdrawal operations to prevent further losses.
Approximately 95% of MetaWin’s user base eventually regained access to their funds following the incident. Skelhorn publicly stated that he used personal funds to partially cover the losses, telling the community, “I just emptied my piggy bank — we keep building.” The platform contacted federal law enforcement, and the investigation was handed over to authorities.
The Mitigation Strategy
In the wake of the attack, MetaWin implemented several emergency measures. Withdrawals were temporarily halted while the security team conducted a comprehensive audit of the withdrawal system. The platform engaged with on-chain investigators and exchange compliance teams to flag stolen funds. Skelhorn acknowledged that internal adjustments were necessary to balance user convenience with security, stating the platform would make changes to “keep the players happy but the bad actors at bay.”
The broader industry context underscores the severity of the situation. October 2024 alone saw 20 major crypto exploits totaling approximately $88.47 million in losses. Just weeks earlier, Radiant Capital suffered a $58 million breach through compromised multi-signature wallets, and the M2 exchange lost $13 million in a separate hot wallet attack.
Lessons Learned
The MetaWin incident highlights several recurring vulnerabilities in cryptocurrency platforms. First, frictionless withdrawal systems that prioritize speed over security create exploitable attack surfaces. Multi-signature wallet configurations and mandatory withdrawal delays — even brief ones — can significantly reduce the window of opportunity for attackers. Second, hot wallets should maintain minimal balances relative to total platform reserves, with the bulk of assets stored in air-gapped cold wallets. Third, real-time transaction monitoring with anomaly detection algorithms is essential for platforms handling significant user funds.
User Action Required
For MetaWin users and the broader crypto community, this incident serves as a reminder to practice vigilant security hygiene. Users should enable all available two-factor authentication methods, regularly review wallet transaction histories, and avoid keeping large balances on any single platform. Those affected by the MetaWin hack should monitor official communications from the platform and law enforcement for updates on fund recovery efforts. As the crypto industry matures, the responsibility for security is increasingly shared between platforms and their users — and the cost of getting it wrong is measured in millions.
This article is for informational purposes only and does not constitute financial or security advice. Always conduct your own research and consult qualified professionals before making decisions about cryptocurrency security.
115 wallet addresses and they still couldnt stop the draining. frictionless withdrawals sound great until they frictionlessly drain your treasury
hot wallets connected 24/7 for instant withdrawals is just asking for trouble. any crypto casino doing this in 2024 deserves what happens
ZachXBT doing more for crypto security than every compliance team combined. tracked the funds through KuCoin and HitBTC in real time
the nested service on HitBTC is classic. they always use smaller exchanges as intermediary before hitting tornado
chain_sleuth hitbtc nested services have been a laundering pipeline since like 2019. regulators shut one down and three more pop up
ZachXBT_fan zach tracks stuff in real time that paid security teams miss for months. the man is a one person chainalysis
4M from a casino most people never heard of. Makes you wonder how many smaller platforms are getting drained without anyone noticing.