Rain is a major cryptocurrency exchange that is popular in the Middle East and Turkey. It suffered a $14.8 million hack on April 29th, 2024. However, the incident wasn’t publicly reported until two weeks later after ZachXBT outed the exchange.
Inside the Attack
Rain is a centralized cryptocurrency exchange (CEX) that is headquartered in Bahrain. It also operates in several Middle Eastern and Southwest Asian countries.
On April 29, suspicious outflows occurred from several Bitgo wallets believed to be associated with the project. In total, an estimated $14.8 million was transferred and swapped to BTC and ETH. The resulting 137.9 BTC and 1881 ETH were transferred to two wallets (BTC and ETH).
Rain made no mention of the hack in the two weeks after it occurred. The suspicious transactions were identified and tracked by ZachXBT and reported on May 13th via his Telegram channel.
After ZachXBT broke the news of the security incident, Rain issued an official statement regarding the incident. In this post, they acknowledged that the hack had occurred and stated that they implemented additional security controls designed to prevent similar incidents in the future. Additionally, the exchange claimed that all of the stolen funds were covered by the exchange and that the security incident would have no impact on customer funds.
Lessons Learned from the Attack
The Rain incident is a prime demonstration of how not to handle a security incident in the DeFi space. Initially, the cryptocurrency exchange attempted to ignore the hack, not mentioning it for multiple weeks while pretending that everything was business as usual.
However, blockchain sleuths like ZachXBT are always looking for suspicious events like this, making it difficult to sweep major hacks under the rug. Once the incident was out in the open, Rain issued a public statement acknowledging the hack but providing no real details other than the fact that the CEX had sufficient funds to cover the stolen assets.
Most likely, this incident was caused by a failure to properly secure the private keys that manage blockchain accounts. Since this incident only involved unusual transfers — and not smart contracts — the attacker must have had the ability to generate valid digital signatures for the attack transactions.
To learn more about best practices for protecting your private keys against compromise — such as the use of multi-signature wallets — check out our article on digital asset security.