Crypto casino Metawin gets hacked, over $4 million stolen in SOL and ETH

Metawin, a crypto casino, got hit hard today. Hackers exploited it for more than $4 million in Ethereum (ETH) and Solana (SOL).

On-chain sleuth ZachXBT flagged the incident on Telegram, saying, “Looks like the crypto casino Metawin was exploited for $4M+ on Ether and SOL earlier today.” He traced over 115 addresses linked to the attacker, who then moved the stolen funds to KuCoin and a nested service on HitBTC.

This latest hack adds to a string of high-profile thefts that have plagued the DeFi sector, making October one of the bloodiest months for crypto security breaches.

The month saw 20 reported crypto attacks, causing a combined loss of around $88.47 million. This flood of exploits highlights ongoing vulnerabilities in the decentralized finance (DeFi) space, where hackers seem to outmaneuver security upgrades at every turn.

October’s biggest hacks

Radiant Capital experienced October’s worst single hack. On October 17, attackers exploited weak points in Radiant’s smart contracts, swiping $53 million.

Using cross-chain protocols, hackers bridged the stolen assets to Ethereum, making the theft difficult to trace. Radiant’s massive breach added fuel to concerns over DeFi’s cross-chain vulnerabilities.

Then there was a wallet linked to the U.S. government, which saw an unusual incident. Hackers compromised the wallet, snatching about $20 million.

Strangely, most of the funds were returned, though around $700,000 remains missing. It’s not every day that a government-controlled wallet gets hacked, adding a bizarre twist to October’s crime spree.

EigenLayer, a liquid staking network, faced its own mess earlier in the month. On October 4, attackers looted $5.7 million, which was quickly laundered through exchanges like HitBTC and Bybit. This breach underscored the persistent weaknesses in staking and liquidity protocols.

The Tapioca Foundation, another DeFi platform, suffered a major loss. Hackers targeted its token vesting contract using social engineering tactics, managing to steal $4.7 million.

And we can’t leave out Sunray Finance, which lost $2.86 million. Attackers manipulated token values on the Arbitrum chain, causing Sunray’s SUN token to nosedive. Another stark reminder of how fragile DeFi platforms can be, especially when attackers play with token values directly.

A billion-dollar problem

As of November 2024, total losses from crypto hacks have hit over $1.4 billion, spanning 179 incidents. Although this year has seen fewer individual attacks than in past years, the average loss per hack is climbing. The stakes are higher, and the attacks keep getting bolder and costlier.

In Q3 alone, hackers stole around $750 million across 155 incidents. That’s fewer attacks but larger hauls. Each hack averaged a staggering $5.93 million in stolen assets, with a median loss of around $120,529. These numbers show a troubling trend where even a single breach can cripple platforms or wipe out users.

Phishing attacks remain a go-to method. During Q3, phishing was behind $343 million in losses across 65 incidents. Hackers often trick users into handing over their keys or clicking malicious links, and the results are predictable and devastating.

Another classic is private key compromises. These attacks caused around $317 million in losses from just ten incidents. Poor key management remains a glaring issue in crypto. If you hold the keys, you hold the money—and hackers know it.

Other techniques like code vulnerabilities and re-entrancy exploits keep popping up too. These methods exploit flaws in smart contract code, allowing hackers to drain funds by initiating multiple contract calls in a single transaction. It’s been a favorite trick for years, and it’s still working.

Each of these attacks, from Radiant Capital’s $53 million breach to Metawin’s $4 million heist, lays bare the challenges in securing decentralized finance. Stopping the hackers would require platforms to step up their defenses and stop treating security as an afterthought.