An online casino dealing in cryptocurrency faced a major setback this week as its chief executive officer confirmed a significant cyberattack. The MetaWin online casino, which operates offshore, fell victim to a cyberattack that led to the seizure of $4 million in player funds.
MetaWin is an online gaming platform offering interactive slots, live dealer table games including blackjack, roulette, poker, and baccarat, nonfungible token (NFT) raffles and drawings, and a variety of instant-win games. The platform’s rewards program further qualifies players for daily and weekly “wagering races,” where bettors are ranked based on the total number of real money bets they place. The top prize for the weekly race is $40,000.
Operating offshore, MetaWin holds an internet gaming license from Anjouan, a small archipelagic country off the southeastern coast of Africa. Although the casino is not licensed to take bets in any US state, players using the platform face minimal risk of legal repercussions. Nonetheless, state gaming regulators continue to warn consumers about the dangers of using offshore casinos, pointing out the lack of consumer protections, including the security of online funds. This cautionary note was underscored by the recent hack of MetaWin.
On November 3, Richard Skelhorn, the founder and CEO of MetaWin, confirmed that the casino’s “hot wallets” had been compromised. Skelhorn’s statement came after blockchain investigator ZachXBT revealed on his Telegram channel that MetaWin’s Ethereum and Solana hot wallets had been successfully exploited.
“Today, we experienced an attack where an exploiter was able to withdraw a significant amount from our hot wallets by taking advantage of our frictionless withdrawal system,” Skelhorn wrote. “We’ll be implementing additional security controls for new users, while also exploring ways to maintain a flexible and seamless experience for our trusted community.”
Hot wallets are cryptocurrency wallets that remain connected to the internet, used for temporary key storage and to facilitate the sending and receiving of cryptocurrency. While cold wallets, which store crypto offline, are considered the safest for securing digital currency, hot wallets are essential for transacting coins such as Bitcoin, Ethereum, Tether, and Solana.
According to ZachXBT, the hackers managed to transfer $4 million in cryptocurrency to KuCoin and a nested cold wallet at HitBTC. The online investigator identified over 115 addresses associated with the malicious actor. In response, Skelhorn pledged to cover the $4 million loss from his own resources and had already begun compensating affected customers.
“In short, today we faced a challenge, but we’re learning from it and will emerge stronger,” Skelhorn concluded.
Skelhorn’s business acumen is well-documented. In 2015, he founded the Atemi Group, a company specializing in global iGaming lead generation and social media advertising. Skelhorn sold Atemi Group to Better Collective in 2020 for €44 million (US$48 million). That same year, Atemi directed more than 180,000 new depositing customers to its global iGaming and online sportsbook partners. Better Collective, a publicly traded company based in Denmark, owns online media brands such as The Action Network, SportsHandle, and VegasInsider.