Taking a Closer Look At CoinSpot Exploit

3 min read

Learn how CoinSpot was exploited, leading to a loss of 1,283 ETH worth $2.472 million.


On November 8, 2023, CoinSpot was exploited across two of its hot wallets, resulting in a loss of over 1,283 ETH, worth approximately $2.472 million.

Introduction to CoinSpot#

CoinSpot is a global-centralized cryptocurrency exchange based out of Australia.

Vulnerability Assessment#

The root cause of the exploit is reportedly due to the compromise of its private keys.


Step 1:

We attempt to analyze one of the attack transactions executed by the exploiter.

Step 2:

This hot wallet of CoinSpot suffered a loss of 1,262 ETH, worth approximately $2,431,728, while another one suffered a loss of 20.99 ETH, worth approximately $40,428.

Step 3:

Reportedly, 831 ETH worth of the stolen funds have been bridged to BTC via THORChain, and the other parts of the stolen funds worth 451.7 ETH have been swapped for WBTC and transferred to Wan Bridge.

Step 4:

These stolen assets are currently held at the following BTC addresses:

bc1qfsm2vhhurrq54w40z8vasjkfhxrvsvysjk9jug - 21.12028973 BTC, worth $773,386
bc1qzl2s7ajehkpu9wdqewg5xqy8nzxv7njctvrqzx - 19.88 BTC, worth $727,948
bc1q49d37gnmdu4p77n9j8c7ytrv30xrrue50r88lh - 14.26262111 BTC, worth $521,861
bc1qtj29wrm56r0lvhqufsju9pr0vakj8uwd38p4gj - 8.55450032 BTC, worth $312,976


Funds flow for CoinSpot Exploit. Courtesy of BreadCrumbs


The team has yet to make an announcement on the occurrence of the exploit.


It is crucial to improve the security of private keys and the general safety of hot wallets in order to reduce the risk of exploits similar to those that CoinSpot experienced. Private keys are akin to the keys to a vault, and if compromised, they can grant attackers unrestricted access to the funds. Therefore, it is paramount that exchanges implement multi-signature technology on hot wallets, requiring more than one key to authorize a transaction, thereby distributing the risk.

Additionally, exchanges could utilize hardware security modules (HSMs) to manage and protect the use of private keys. Hardware security modules (HSMs) are physical devices that are designed to keep digital keys safe and perform cryptographic operations. Compared to software-based key storage solutions, HSMs are much harder to change or hack.

Putting in place a strong intrusion detection system (IDS) can also provide real-time monitoring and alerting of any suspicious activities, allowing for quick responses to possible breaches. Regular security audits and penetration testing can also help identify vulnerabilities before they can be exploited.

Finally, maintaining a portion of funds in cold storage, which is not connected to the internet, can significantly reduce the risk as it limits the amount of funds that are accessible via hot wallets at any given time. By combining these measures, crypto exchanges can significantly bolster the security of their hot wallets and protect their private keys from unauthorized access, reducing the risk of similar exploits in the future.

In light of the security breach at CoinSpot, the implementation of preventive measures is paramount, yet the potential for unforeseen vulnerabilities will always exist. To mitigate such risks, partnerships with service providers and a marketplace like Neptune Mutual are invaluable. By establishing a dedicated cover pool with us prior to any such incident, exchanges can provide a financial safety net for their users against smart contract vulnerabilities. We don't offer coverage for exploits originating due to the compromise of the private keys, but we are open to making exceptions in many cases.

Our role in such scenarios is to remove the onus from users to present extensive proof of loss. Once an incident is confirmed and resolved within our incident management system, Neptune Mutual swiftly shifts focus to claim disbursement, offering prompt financial restitution to those impacted.

Operating on multiple blockchain networks, including EthereumArbitrum, and the BNB chain, Neptune Mutual remains dedicated to ensuring user safety. Our commitment is a cornerstone of trust within the DeFi community, offering reassurance amidst the security challenges exemplified by the CoinSpot incident.

Reference Sources Cyvers