Rain cryptocurrency exchange experienced a suspected exploit on April 29, resulting in the transfer of $14.1 million worth of Bitcoin (BTC), Ether (ETH), Solana (SOL), and XRP to a new wallet under suspicious circumstances. The incident was reported by ZachXBT, an on-chain investigator, on May 13, two weeks after the suspicious transactions occurred.
AJ Nelson, co-founder of Rain, confirmed that the transfers were the result of an attack. However, he said that all assets have been replaced using the exchange’s own funds and that the platform is operating normally.
Rain is a centralized crypto exchange based in Bahrain, catering to customers in Southwest Asia and the Middle East. Since its establishment, it has recorded trading volume exceeding $1 billion, according to regional news site The National.
According to ZachXBT’s Telegram channel, the transferred funds were quickly converted into BTC and ETH through instant exchanges before being deposited into two destination addresses on the Bitcoin and Ethereum networks. The Ethereum address currently holds approximately 1,881 ETH, valued at $5.5 million, while the Bitcoin address holds 137.9 BTC, valued at $8.6 million.
Arkham Intelligence data reveals that the Ethereum destination address received its funds from an address ending in d609. The d609 address, in turn, received the funds from multiple BitGo multisignature wallets. However, it has not been confirmed that these wallets belong to Rain.
On April 29, the BitGo wallets made 26 separate transactions, sending ETH and various tokens to the address ending in d609. The transactions included over 590 ETH, approximately 20 billion Shiba Inu, 12,500 Chainlink, $240,000 in Tether (USDT), and $500,000 in USD Coin (USDC).
The tokens were immediately exchanged for ETH on Uniswap. Meanwhile, the account continued to receive more tokens from the BitGo wallets, including Aave (AAVE), Yearn Finance (YFI), MakerDAO (MKR), and others.
The account also received funds from a Binance hot wallet.
Cointelegraph reached out to Rain for comment but did not receive a response at the time of publication.
After the article’s publication, Nelson confirmed on X that the transfers were the result of a “security incident.” He emphasized that Rain is regulated by the Central Bank of Bahrain and the Abu Dhabi Global Market, which require the exchange to hold reserves equal to customer deposits in a 1:1 ratio. Nelson stated that the team immediately covered the losses using its own reserves and that the exchange is functioning normally. He also mentioned that they are cooperating with law enforcement to recover the funds.
The incident highlights the ongoing risks of hacks and exploits in the crypto industry. Recently, Gnus.AI lost over $1.27 million due to a compromised Discord server and leaked private key. Additionally, cybersecurity firm Kaspersky reported that the North Korean hacker group Kimsuky has launched a new malware called “Durian” that specifically targets crypto firms.