The Rain cryptocurrency exchange fell victim to a suspected exploit on April 29, resulting in the transfer of $14.1 million worth of Bitcoin (BTC), Ether (ETH), Solana (SOL), and XRP to a suspicious new wallet, according to an investigation by ZachXBT. The incident occurred two weeks prior to the report.
AJ Nelson, co-founder of Rain, confirmed that the transfers were the result of an attack. Nelson stated that the exchange has replaced all the assets using its own funds and that operations are running smoothly.
Rain is a centralized crypto exchange based in Bahrain, catering to customers in Southwest Asia and the Middle East. It has generated over $1 billion in trading volume since its establishment, according to regional news site The National.
ZachXBT’s official Telegram channel revealed that the transferred funds were quickly converted into BTC and ETH on instant exchanges before being deposited into two separate addresses on the Bitcoin and Ethereum networks. The Ethereum address currently holds approximately 1,881 ETH, worth $5.5 million, while the Bitcoin address holds 137.9 BTC, worth $8.6 million.
Arkham Intelligence data shows that the Ethereum address received funds from an address ending in d609, which in turn received funds from several Bitgo multisignature wallets. However, Arkham has not confirmed that these wallets belong to Rain.
On April 29, the Bitgo wallets conducted 26 transactions, sending ETH and various tokens to the d609 address. The total amount sent included over 590 ETH, as well as Shiba Inu, Chainlink, Tether (USDT), and USD Coin (USDC), with a combined value of over $2.5 million.
The tokens were immediately swapped for ETH on Uniswap, while the account continued to receive additional tokens from the Bitgo wallets, including Aave (AAVE), Yearn Finance (YFI), MakerDAO (MKR), and others.
Furthermore, the account received funds from a Binance hot wallet.
Cointelegraph reached out to Rain for comment but did not receive a response at the time of publication.
After the article was published, Nelson confirmed that the transfers were the result of a “security incident.” He emphasized that Rain is regulated by the Central Bank of Bahrain and the Abu Dhabi Global Market, requiring it to maintain reserves equal to customer deposits. The team has already covered the losses using its own reserves, and the exchange is operating normally. Nelson stated that Rain is working with law enforcement to recover the funds.
The incident highlights the ongoing risk of hacks and exploits in the crypto industry. On May 6, Gnus.AI lost over $1.27 million due to a compromised Discord server and leaked private key. Additionally, cybersecurity firm Kaspersky reported on May 13 that the North Korean hacker group Kimsuky has launched a new malware called “Durian,” specifically targeting crypto firms.
Confirmed exploit results in $14.1M worth of crypto lost by Rain exchange two weeks ago.