The CoinEx cryptocurrency exchange recently experienced a major security breach, resulting in the theft of approximately $54 million worth of tokens. The attackers exploited a vulnerability in the exchange’s wallets and siphoned various tokens, including ether (ETH) [3], XRP [3] [4], Tron’s TRX [3], MATIC [4], SOL [4], KDA [4], and XDAG [4].

Description

CoinEx detected anomalous withdrawals from its hot wallet addresses and determined that the incident was caused by a hot wallet private key falling into the wrong hands [2]. As a result, the exchange suspended deposits and withdrawals [2] [5], transferred remaining assets to safe addresses [2], and is currently rebuilding its wallet system.

Analysis of the wallets involved in the attack has revealed links to the North Korean attacker group Lazarus [3], which has previously targeted crypto businesses [3]. This connection suggests that the stolen funds may be used to finance the regime’s nuclear and missile programs [2]. CoinEx has released several “suspicious” addresses to which the stolen tokens were transferred [3] [4]. Furthermore, the investigation has uncovered a connection between the CoinEx attack and a $41 million exploit on the cryptocurrency betting platform Stake [4], which was also linked to Lazarus [4].

Despite the breach [4], CoinEx reassures users that their assets will not be affected by the heist [2]. The impacted funds represent a small share of total user holdings [3], and all remaining assets on the exchange are secure [3] [4]. CoinEx is actively working to freeze the assets of the attackers [2]. The exchange has continued to operate and facilitate significant trade volume [4].

Conclusion

The attack on CoinEx is suspected to have been carried out by North Korean hackers, who stole $53 million worth of cryptocurrency after obtaining a leaked private key. CoinEx is taking steps to secure its platform and compensate affected users [1]. The investigation points to suspected North Korean involvement, and stakeholders of OP & Polygon are awaiting updates on it [1]. The incident highlights the ongoing threat of cyberattacks in the cryptocurrency industry and the need for robust security measures to protect user assets.

References

[1] https://coincu.com/217416-north-korea-suspected-54m-coinex-com-hack/
[2] https://www.infosecurity-magazine.com/news/lazarus-group-blamed-53m-heist-at/
[3] https://www.coindesk.com/tech/2023/09/13/north-korean-attackers-linked-to-54m-coinex-hack-blockchain-data-suggests/
[4] https://finance.yahoo.com/news/54m-coinex-hack-linked-north-050213380.html
[5] https://www.threatshub.org/blog/north-korean-hackers-steal-53-million-in-cryptocurrency-from-coinex/