CoinEx Hot Wallets Drained Of $55 Million in Hack Linked To North Korea’s Lazarus Group

Don’t invest unless prepared to lose all the money you invest. This is a high-risk investment, you shouldn’t expect to be protected if something goes wrong.

CoinEx
CoinEx

Join Our Telegram channel to stay up to date on breaking news coverage

North Korea’s Lazarus Group was likely behind a hack of crypto exchange CoinEx that emptied several hot wallets holding more than $55 million in cryptocurrencies.

The notorious group, known for targeting crypto businesses, is also believed to have conducted other recent hacks on betting site Stake and payment processor Alphapo.

Blockchain sleuths Slowmist and ZachXBT say some of the hacked CoinEx funds were sent to wallets connected to Stake’s $41 million hack earlier this month. Some of the addresses used were also connected to the attack on Alphapo in July that resulted in $60 million of losses.

Cybersecurity firms including PeckShield and Cyvers Alert were the first to spot a suspicious outflow of funds from the exchange’s wallets.

CoinEX Detected ”Anomalous Withdrawals”

CoinEx suspended withdrawals to facilitate a thorough review and investigation. It subsequently tweeted that it had “detected anomalous withdrawals from several hot wallet addresses used to store CoinEx’s exchange assets.”

 

The fact that all of the stolen money was sent to a wallet with no prior transaction history instantly sparked suspicions for the security companies, which led them to believe that CoinEx had been hacked.

According to Etherscan data, a series of sizable transfers involving different cryptocurrencies were started by 4 CoinEx hot wallets to a single address. The first transaction in the sequence moved about 4,947 Ether, or about $7.9 million at the time.

This was followed by using Uniswap to convert a number of other tokens from the exchange wallet into Ethereum. Then, a notable movement of tokens from the hot wallet to the same address involving 408,741 DAI, 2.7 million Graph (GRT) tokens, 29,158 Uniswap (UNI) tokens, and numerous other tokens took place.

According to data by Cyvers Alert, additional transactions including the transfer of over $8.5 million in cryptocurrency assets to a Tron address and $291,000 in assets to a Polygon address were also noted. This initial sequence of transactions amounted to $27.4 million in losses.

Upon further investigation, the crypto exchange discovered several other wallets that had been drained of assets in the form of various crypto tokens including Bitcoin, Arbitrum, Solana, XRP, and several others. As such, the total loss has quickly increased to around $55 million worth of crypto.

However, in its post on X, CoinEx said that the actual amount of the loss was still being determined, adding that it was “just a very small portion of CoinEx’s total asset[s].”

The exchange also went on to assure its customers that their funds were safe and that they would be made whole in the event of any losses.

“We assure all users: your assets are secure and untouched. Affected parties will receive 100% compensation for any loss due to this breach,” CoinEx said adding “You have our solemn promise that a detailed timeline and comprehensive report about this incident will be shared with the community as swiftly as possible.”

New Ties Emanate

Continued investigations have revealed that the exploit is reportedly a result of a private key compromise, a vulnerability that has so far led to the loss of over $377 million across the industry.

CoinEx Boasted Last Month That It Had No Security Breaches

Established in 2017, crypto exchange CoinEx made its name by centering around Bitcoin Cash (BCH) after the first hard fork of Bitcoin. In a blog post last month, the crypto exchange boasted that it “has never suffered any security breach thanks to its world-class security infrastructure”.

Unfortunately, given the nature of the blockchain and cryptocurrency sector, exploits have become increasingly common with new ways being devised even as security levels increase across platforms.

According to a report by CertiK, the crypto industry lost close to $1 billion to hacks and scams by the end of August, and the value is expected to continue increasing, possibly surpassing last year’s loss of $3.2 billion.

Related Articles

Newest Meme Coin ICO - Wall Street Pepe

Rating

Wall Street Pepe
  • Audited By Coinsult
  • Early Access Presale Round
  • Private Trading Alpha For $WEPE Army
  • Staking Pool - High Dynamic APY
Wall Street Pepe

Join Our Telegram channel to stay up to date on breaking news coverage

Read next

Please enter Coingecko & CoinMarketcap Api Key to get this plugin works