CoinEx Hot Wallets Drained Of $55 Million in Hack Linked To North Korea's Lazarus Group

Join Our Telegram channel to stay up to date on breaking news coverage

North Korea’s Lazarus Group was likely behind a hack of crypto exchange CoinEx that emptied several hot wallets holding more than $55 million in cryptocurrencies.

The notorious group, known for targeting crypto businesses, is also believed to have conducted other recent hacks on betting site Stake and payment processor Alphapo.

Blockchain sleuths Slowmist and ZachXBT say some of the hacked CoinEx funds were sent to wallets connected to Stake’s $41 million hack earlier this month. Some of the addresses used were also connected to the attack on Alphapo in July that resulted in $60 million of losses.

It appears North Korea is also responsible for the $54M @coinexcom hack from yesterday after they accidentally connected their address to the $41M Stake hack on OP & Polygon.

0x75497999432b8701330fb68058bd21918c02ac59 pic.twitter.com/9qZPdc3yhT

— ZachXBT (@zachxbt) September 13, 2023

🚨SlowMist Security Alert🚨

1/ @coinexcom Exploiter, @Stake Exploiter and #Alphapo Exploiter may all have ties to the North Korean Hackers known as #LazarusGroup.

Here’s how we came to that conclusion: https://t.co/IGNldb2ZZJ pic.twitter.com/SLGzSgbCis

— SlowMist (@SlowMist_Team) September 13, 2023

Cybersecurity firms including PeckShield and Cyvers Alert were the first to spot a suspicious outflow of funds from the exchange’s wallets.

Hi @coinexcom, suspicious outflow of large funds from #coinex hot wallets. https://t.co/C1kCcdnIRQ

— PeckShield Inc. (@peckshield) September 12, 2023

CoinEX Detected ”Anomalous Withdrawals”

CoinEx suspended withdrawals to facilitate a thorough review and investigation. It subsequently tweeted that it had “detected anomalous withdrawals from several hot wallet addresses used to store CoinEx’s exchange assets.”

The fact that all of the stolen money was sent to a wallet with no prior transaction history instantly sparked suspicions for the security companies, which led them to believe that CoinEx had been hacked.

According to Etherscan data, a series of sizable transfers involving different cryptocurrencies were started by 4 CoinEx hot wallets to a single address. The first transaction in the sequence moved about 4,947 Ether, or about $7.9 million at the time.

This was followed by using Uniswap to convert a number of other tokens from the exchange wallet into Ethereum. Then, a notable movement of tokens from the hot wallet to the same address involving 408,741 DAI, 2.7 million Graph (GRT) tokens, 29,158 Uniswap (UNI) tokens, and numerous other tokens took place.

According to data by Cyvers Alert, additional transactions including the transfer of over $8.5 million in cryptocurrency assets to a Tron address and $291,000 in assets to a Polygon address were also noted. This initial sequence of transactions amounted to $27.4 million in losses.

Upon further investigation, the crypto exchange discovered several other wallets that had been drained of assets in the form of various crypto tokens including Bitcoin, Arbitrum, Solana, XRP, and several others. As such, the total loss has quickly increased to around $55 million worth of crypto.

However, in its post on X, CoinEx said that the actual amount of the loss was still being determined, adding that it was “just a very small portion of CoinEx’s total asset[s].”

Urgent Notice: Security Incident on CoinEx – Immediate Actions Underway

On September 12, 2023, our Risk Control System detected anomalous withdrawals from several hot wallet addresses used to store CoinEx's exchange assets. Promptly recognizing the gravity of the situation, we…

— CoinEx Global (@coinexcom) September 12, 2023

The exchange also went on to assure its customers that their funds were safe and that they would be made whole in the event of any losses.

“We assure all users: your assets are secure and untouched. Affected parties will receive 100% compensation for any loss due to this breach,” CoinEx said adding “You have our solemn promise that a detailed timeline and comprehensive report about this incident will be shared with the community as swiftly as possible.”

New Ties Emanate

Continued investigations have revealed that the exploit is reportedly a result of a private key compromise, a vulnerability that has so far led to the loss of over $377 million across the industry.

#CertiKSkynetAlert 🚨

1/ The @coinexcom exploit losses have now reached an estimated $53 million taking the total losses for private key compromises this year to $377.7 million. https://t.co/9IfAfZjvfA

— CertiK Alert (@CertiKAlert) September 13, 2023

CoinEx Boasted Last Month That It Had No Security Breaches

Established in 2017, crypto exchange CoinEx made its name by centering around Bitcoin Cash (BCH) after the first hard fork of Bitcoin. In a blog post last month, the crypto exchange boasted that it “has never suffered any security breach thanks to its world-class security infrastructure”.

Unfortunately, given the nature of the blockchain and cryptocurrency sector, exploits have become increasingly common with new ways being devised even as security levels increase across platforms.

According to a report by CertiK, the crypto industry lost close to $1 billion to hacks and scams by the end of August, and the value is expected to continue increasing, possibly surpassing last year’s loss of $3.2 billion.

Most Searched Crypto Launch - Pepe Unchained

Rating