Bahrain-based cryptocurrency exchange Rain has fallen victim to a significant exploit, resulting in the loss of approximately $14.8 million worth of digital assets.
The incident, which occurred on April 29, 2024, was brought to light by renowned blockchain investigator ZachXBT, who shared the details on their Telegram channel.
TLDR
- Bahrain-based crypto exchange Rain was likely exploited for $14.8 million on April 29, 2024, according to blockchain sleuth ZachXBT.
- The stolen funds, consisting of BTC, ETH, SOL, and XRP, were quickly transferred to instant exchanges, swapped for BTC and ETH, and divided into wallets containing 137.9 BTC and 1,881 ETH.
- The exchange’s “pro” version has been intermittently down since May 5, and Rain obtained a license to operate a virtual asset brokerage and custody service in the UAE in 2023.
- The suspicious outflows were initially transferred from several BitGo multisignature wallets to an address ending in d609, which then swapped the tokens for ETH on Uniswap.
- Rain published a statement claiming that the issue had been resolved and necessary steps were taken to protect customer funds.
According to ZachXBT’s findings, Rain’s Bitcoin (BTC), Ethereum (ETH), Solana (SOL), and XRP wallets experienced suspicious outflows, amounting to a total of $14.8 million.
The stolen funds were promptly transferred to instant exchanges, where they were swapped for BTC and ETH before being divided into two wallets containing 137.9 BTC and 1,881 ETH, respectively.
These wallets have remained inactive since the exploit took place.
Further investigation by Arkham Intelligence revealed that the suspicious outflows originated from several BitGo multisignature wallets, which sent the funds to an address ending in d609.
This address then proceeded to swap the various tokens, including Shiba Inu, Chainlink, Tether, and USD Coin, for ETH on the decentralized exchange Uniswap.
The account continued to receive additional tokens from the BitGo wallets during the swapping process, including Aave, Yearn Finance, and MakerDAO.
In the wake of the exploit, Rain’s advanced trading platform, known as the “pro” version, has been intermittently down since May 5.
The exchange, which specializes in serving customers from Southwest Asia and the Middle East, had previously secured a license to operate a virtual asset brokerage and custody service in the United Arab Emirates in 2023.
Hours after ZachXBT’s post, Rain issued a statement addressing the incident, assuring users that the necessary steps had been taken to resolve the matter and protect customer funds.
The exchange claimed to have isolated the issue and implemented additional security controls as soon as they became aware of the exploit.